in reply to Re^8: The Most Essential Perl Development Tools Today (guessing)
in thread The Most Essential Perl Development Tools Today
in the context of the sub GOOD { BAD } example: remember that this is about creating vulnerabilities ... [which] isn't about good programming practice, but of taking advantage of possible weaknesses.
"Vulnerability refers to the inability to withstand the effects of a hostile environment."
So, the hostiles somehow detect that I'm using two bareword filehandles in my script and then devise a mechanism by which the succeed in injecting a constant subroutine that effectively redirects one as the other into my scripts namespace.
The only way I can see for that to be possible, is that they modify the script itself; or, they modify one of the modules my script uses.
If they have access to my filesystem sufficiently to be able to exploit that "vulnerability"; don't you think that they might find easier, more direct ways of achieving their nefarious goals? Like maybe just writing whatever they damn please into whatever file they want to corrupt.
There's this vague memory running around my head. Something about shutting doors and horses bolting.
I'm also reminded of a company I sub'd at for a few months; they suddenly got paranoid about the number of people using one of the development labs and at some considerable expense added keycard locks and cameras to the entry points. One day the system that controlled the keycards crashed. That system lived inside the lab and no one could get in. They were about to get some guys into remove teh door from its hinges when one of the operators lifted a floor panel in the UPS room next door to the lab, crawled through the cable space and popped up in the lab and unlocked the doors from the inside.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^10: The Most Essential Perl Development Tools Today (vulnerability)
by tye (Sage) on Jan 12, 2013 at 06:47 UTC | |
by BrowserUk (Patriarch) on Jan 12, 2013 at 09:43 UTC |