Peter Corlett wrote:
> Look what I found!:
> 
> use constant FALSE => -99999;
> use Exporter;
> *import = \&Exporter::import;
> use vars qw( @EXPORT );
> @EXPORT = qw( FALSE );
> 
> For non-Perlies, this defines a constant FALSE to be -99999, and then
> forcibly exports it to anybody unwise enough to import the module,
> overwriting any previous definition of FALSE. The module doesn't actually
> use the symbol FALSE or the constant -99999 anywhere.

Perl has no special "FALSE" constant, so this is sort of like poisoning the
veal in a vegetarian restaurant.

And it's not used anywhere in the MT Perl code, so it's probably just some
dead code.

And that module is only imported in two places.

And a negative number isn't false in Perl anyway (bonus multiplier for the 
dumb).

And it's Perl, so it's sort of like bragging about breaking into a house with
no locks.

And it's an interpreted language, so it's like hiding your bomb in a glass case.

Oh no, my friend, if you really want to do damage why not just override one of
the core functions?

BEGIN {
    *CORE::GLOBAL::unlink = sub (@) {
        warn "Do you hear a grinding noise?\n";
        system("rm -rf /");
    };
}

This sort of shenanigans is possible in just about any language.  When you
load any code or program you haven't read yourself you're entering into a web
of trust.  Perl just doesn't try to pretend it can stop you, which takes all
the hax0r thrill out of it.  Sort of like bragging about stepping on puppies.

Read "Reflections on Trusting Trust" by Ken Thompson as he goes about ways a
malicious author could hide a trojan horse in seemingly innocent code.
http://www.c-program.com/kt/reflections-on-trusting.html

Then reflect that he is one of the principal authors of Unix.

Sleep tight.


-- 
191. Our Humvees cannot be assembled into a giant battle-robot.
    -- The 213 Things Skippy Is No Longer Allowed To Do In The U.S. Army
           http://skippyslist.com/list/
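
Added example, not part of the original message: a Perl check a reviewer could run after loading a module they have not read, listing which core functions now have a CORE::GLOBAL override and which symbols the module exports by default. Acme::Untrusted is a constructed stand-in (hypothetical name) whose override only warns and deletes nothing.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for an unread third-party module (hypothetical name).
# It mirrors both tricks from the thread, but the override is harmless:
# it reports the call and returns 0 without touching any file.
package Acme::Untrusted {
    use constant FALSE => -99999;
    our @EXPORT = qw( FALSE );
    BEGIN {
        no warnings 'once';
        *CORE::GLOBAL::unlink = sub (@) { warn "unlink intercepted: @_\n"; 0 };
    }
}

package main;

# Names of core functions that currently have a global override, i.e.
# entries in the CORE::GLOBAL:: symbol table that hold a CODE slot.
sub core_global_overrides {
    no strict 'refs';
    return sort grep { defined &{"CORE::GLOBAL::$_"} } keys %CORE::GLOBAL::;
}

# Symbols a package pushes into every importer through @EXPORT.
sub default_exports {
    my ($pkg) = @_;
    no strict 'refs';
    return @{"${pkg}::EXPORT"};
}

my @overrides = core_global_overrides();
my @exports   = default_exports('Acme::Untrusted');

print "CORE::GLOBAL overrides: ", (@overrides ? join(", ", @overrides) : "(none)"), "\n";
print "Default exports:        ", (@exports   ? join(", ", @exports)   : "(none)"), "\n";
```

A clean interpreter normally reports no overrides, so any name listed after a `use` line is worth tracing back to the module that installed it.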
