PerlMonks  

in the context of the sub GOOD { BAD } example: remember that this is about creating vulnerabilities ... [which] isn't about good programming practice, but of taking advantage of possible weaknesses.

"Vulnerability refers to the inability to withstand the effects of a hostile environment."

So, the hostiles somehow detect that I'm using two bareword filehandles in my script and then devise a mechanism by which they succeed in injecting a constant subroutine that effectively redirects one as the other into my script's namespace.

The only way I can see for that to be possible, is that they modify the script itself; or, they modify one of the modules my script uses.

If they have access to my filesystem sufficiently to be able to exploit that "vulnerability", don't you think that they might find easier, more direct ways of achieving their nefarious goals? Like maybe just writing whatever they damn please into whatever file they want to corrupt.

There's this vague memory running around my head. Something about shutting doors and horses bolting.

I'm also reminded of a company I sub'd at for a few months; they suddenly got paranoid about the number of people using one of the development labs and at some considerable expense added keycard locks and cameras to the entry points. One day the system that controlled the keycards crashed. That system lived inside the lab and no one could get in. They were about to get some guys in to remove the door from its hinges when one of the operators lifted a floor panel in the UPS room next door to the lab, crawled through the cable space and popped up in the lab and unlocked the doors from the inside.


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

In reply to Re^9: The Most Essential Perl Development Tools Today (guessing) by BrowserUk
in thread The Most Essential Perl Development Tools Today by Tommy
