Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
the reference to rm -rf's at the bottom of an obfuscation made me think twice before running it

If an obfuscator wanted to zap you like that, he'd probably obfuscate the rm -rf somehow. You'd have no warning unless you de-obfuscated the code before running it, or read comments by others who either de-obfuscated it or got bitten. There are an infinite number of ways to obfuscate code, as I'm sure you're aware if you follow this section closely.

My suggestion is to keep an unprivileged account around for running untrusted code. I'm generally not a big advocate of unprivileged accounts; for normal, everyday use I feel that they cause more inconvenience than they're worth[1]. However, for running untrusted code, or code that processes untrusted data from the internet (especially, any kind of server code), an unprivileged account can save you a lot of grief. If you don't trust an obfu (or whatever other code you don't trust) run it as a user with no privileges, no access to your home directory with your data.

That said, I'll admit that with obfuscations on Perlmonks I often don't bother, especially if there are already positive comments by monks whose names I recognize. I haven't been bitten yet...


[1] I say this not to persuade anyone that it's true, nor to start an argument about it (I'm tired of that argument, believe me), but to point out that even someone who holds this view, such as myself, still sees the value of an unprivileged account for running untrusted code. Where you draw the line in terms of what software you choose to trust is another matter.


$;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,".rekcah lreP rehtona tsuJ";$\=$ ;->();print$/

In reply to Re: The best part of waking up? by jonadab
in thread The best part of waking up? by one4k4

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    LanX welcome to the twilight zone ...
    [Eily]: LanX well since the onion is your eye you should see it everywhere
    [marto]: sounds eye watering
    [LanX]: oh your talking about my pic?
    [Eily]: marto #SoSad
    [holli]: duh
    [marto]: I expect you to take a nice photo in Glasgow to replace this one :P
    [Eily]: LanX yup, saw it when I checked your current rank
    [LanX]: obviously the message is not clear enough if you only notice the onion now. ...

    How do I use this? | Other CB clients
    Other Users?
    Others surveying the Monastery: (14)
    As of 2017-12-14 16:20 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      What programming language do you hate the most?




















      Results (398 votes). Check out past polls.

      Notices?