Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked

Re: Checking for duplicate subroutine names

by kcott (Chancellor)
on Oct 12, 2012 at 20:20 UTC ( #998782=note: print w/replies, xml ) Need Help??

in reply to Checking for duplicate subroutine names

G'day Ken,

Unfortunately, that rather sounds like a disaster waiting to happen. What if a user defined a custom subroutine like this:

sub generate_monthly_report { `rm -rf *` }

You may have already considered this sort of thing; however, it raised a red flag in my general direction so I'm just waving it back at you.

-- Ken

Replies are listed 'Best First'.
Re^2: Checking for duplicate subroutine names
by SirBones (Friar) on Oct 12, 2012 at 20:34 UTC

    Yes, absolutely understood. We are assuming a group of very local and trustworthy users; their jobs are on the line. ;-)



    "This bounty hunter is my kind of scum: Fearless and inventive." --J.T. Hutt
      Um... not a good assumption.

      What happens when one of them becomes disgruntled; is given notice; or the like?

      Oops. Bye bye who knows what.

      ... and what happens, someday in the sweet bye-and-bye when the powers-that-be decide your code creates a business opportunity to be shared with customers?

      [ sounds of gnashing of teeth; rending of flesh....]

      Please don't do it that way.

      My original example certainly suggests blatant maliciousness on the part of some user; however, the most trustworthy of employees, with the best intentions in the world, can write some apparently innocuous code which could have severely adverse side effects.

      Consider a user-supplied subroutine which simply reads some data (e.g. get_stock_count()). What happens if that code is called while some system function (e.g. update_stock_count()), which has been running successfully for years with no ill-effects, is in the process of being run? Is the read statement of get_stock_count() executed before or after the write statement of update_stock_count()? What are the implications of this?

      [Here's a potential scenario. Supplier (on the phone to User): "Is it a problem if those parts aren't delivered today?". User (after running get_stock_count()): "I've checked the stock count - we've got plenty - next week will be fine.". Production Manager (screaming at Senior Programmer the following day): "The manufacturing plant has ground to a halt. You're responsible for stock count data. User told me he ran code approved by you that reported an adequate supply. Tell me why I shouldn't sack you!"]

      My recommendation would be that any user-supplied code goes through the same process of quality control (review, testing, etc.) that you'd expect to apply to your own code.

      -- Ken

        I do appreciate the advice and concern, but in this case really no worries. These are isolated test beds (really isolated, they could have no possible contact with any of our production systems; for that matter their network interfaces are limited to the systems they are testing, which themselves have no external connections), with custom Linux images and dedicated hard wired interfaces. Root access is global. We end up rebuilding these things every few weeks (or days) for a number of reasons; if a user sat down and managed an "rm -rf *" I'd simply call him a bloody twerp, take away his Men's Room key, and put a new image on the thing. (I'm lying; we don't have Men's Room keys.)

        The security commentary is appreciated and understood but really not a concern in this case. My concern about duplicate subroutine names is entirely based on accidental over-writes, not maliciousness. A malicious or disgruntled user would have lots of better and more effective targets. To vent hostility on the systems I am referring to would be a shamefully unsatisfying exercise for the perpetrator. (And half the time, particularly on a Friday afternoon, I wouldn't mind if they did crash a system or two.)


        "This bounty hunter is my kind of scum: Fearless and inventive." --J.T. Hutt

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://998782]
[Discipulus]: good morning nuns and monks!
[Corion]: A good morning and weekstart to you too, Discipulus!

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (4)
As of 2018-06-25 07:14 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (126 votes). Check out past polls.