|Welcome to the Monastery|
Re: How to ensure that a supported version of my script is being executed?by flexvault (Parson)
|on Aug 21, 2012 at 20:51 UTC||Need Help??|
Since I was brought back into this and since for the moment I'll assume that management wouldn't help you, because they think it's cute to corrupt an Oracle database. Here's a non fool proof idea.
First, you have to nullify all existing copies of your code, good and bad, and then the good code must be read-only to all users (including you). If you need to update the script, then you have to delete it, and then copy a new version, and then make it read-only. You also have to change the way you call Oracle so that your old scripts don't work any more. (hint: change password, change Table name, etc.)
Now write your 'C' program to verify the exact Perl script by not allowing it to be a symbolic link and that MD5 or SHA1 is correct. What I suggest is to read the Perl script into memory and add 50+ characters of non-printable data to it and then verify the MD5/SHA1 of that. If it fails then abort. Obviously the 'C' program must know the valid MD5/SHA1 value, but you can split the MD5/SHA1 into parts and resemble in memory, plus make the 'C' executable at least 100K in size. Now have the C executable write the script to an unique location with a unique name and then have the C program execute your script from there.
It will help, but if someone is determined...
If the 'C' program works, then you can update you Perl scripts and distribute them to happy users. We can hope!
This may help you if your problem user(s) doesn't want to spend a few days figuring out what you have done, but if s/he's good and persistent...
Plan B..Z is find a better job with better management :-)
"Well done is better than well said." - Benjamin Franklin