Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Danger or not: obfuscation

by johnnywang (Priest)
on Sep 23, 2004 at 18:23 UTC ( [id://393292]=monkdiscuss: print w/replies, xml ) Need Help??

To spoil the fun: recently I've discovered some wonderfully beautiful obfuscations:camel code, Propose.. I just copied the code and ran them, all worked out fine. It just dawned on me that there might be danger in doing that, after all, how can one be sure of what the obfuscated code does, it could wipe out my computer, or do worse. What do you monks do?

Replies are listed 'Best First'.
Re: Danger or not: obfuscation
by perrin (Chancellor) on Sep 23, 2004 at 19:10 UTC
    No problem: just run them on your co-workers' computers instead of your own.

      Aaah, the force is strong in this one. -- Darth BOFH

Re: Danger or not: obfuscation
by Zaxo (Archbishop) on Sep 23, 2004 at 18:34 UTC

    The tradition for obfu in general is that you must understand before you run. Doing otherwise is at your own risk.

    Here at pm, we've been moderate about that and generally frown on destructive code. That custom is not to be relied on, because it can be and has been broken at times.

    We tend to cite the bigger tradition, laugh, and go on when it's broken. There are usually considerations and cries for Something To Be Done. Little comes of that since the thing called to be done is quite impossible (some flavor of halting problem).

    After Compline,
    Zaxo

Re: Danger or not: obfuscation
by hossman (Prior) on Sep 23, 2004 at 21:24 UTC

    I don't run obfuscated code unless I understand it, or it's got lots of replies from other people wose judgement i've learned to trust that say things like "this is really cool".

    Obviously any obfu with a reply that says "DON'T RUN THIS, IT'S A TROJAN HORSE, WHAT IT DOES IS...." should not be trusted.

      Do not believe the parent post. It is a trojan horse. What it does is infect your brane with an antiobfu, antifun meme!
Re: Danger or not: obfuscation
by belg4mit (Prior) on Sep 24, 2004 at 02:17 UTC
    You could run it in a sandbox of some kind like Safe. Or run it as a user with no priveleges. Even though I generally figure them before hand I tend to run them on a windows box (crap that'll break anyways, and doesn't have rm :-P)

    --
    I'm not belgian but I play one on TV.

      Safe isn't safe.

      If I want to run code that I don't really trust, I fire up my trusty ol' Virtual PC, after having backed up the disk image. This has no personal data in it. If whatever it is does Naughty Things, I can back them out by restoring the backup of the disk image.

        Yes, we know. We also know while there's no rm on Windows unlink is still there. The point is you can take simple precautions that go a rather long way for little effort.

        Most don't have Virtual PC, or Pear etc. etc., or even User Mode Linux for that matter, setup.

        --
        I'm not belgian but I play one on TV.

Re: Danger or not: obfuscation
by MrCromeDome (Deacon) on Sep 24, 2004 at 04:36 UTC
    Your caution is well-founded.

    And when someone does mention a danger, you'd be wise to listen ;) Don't be a dumbass like me - I posted what should have been a fun toy (search the monastery for Spudgun and see what I mean), and when someone wrote a form stuffer for me Spudgun, I blew it off thinking "no one here would actually do that!" And they did ;) So after some pissed off sysadmin's contacted me, I took it down.

    ++ to all the good advice posted before mine - even to the aspiring BOFH for the well-needed laugh! ;)

    Cheers!
    MrCromeDome

Re: Danger or not: obfuscation
by jacques (Priest) on Sep 24, 2004 at 04:45 UTC
    This is a non-issue for me, since I like to sit back and enjoy the pretty pictures without actually running the code. Sort of like Playboy for geeks.
Re: Danger or not: obfuscation
by radiantmatrix (Parson) on Sep 24, 2004 at 17:57 UTC

    If I can't understand the obfu enough to trust it, I run it inside a debugger (after checking for AUTOLOAD and BEGIN tricks). I won't execute a given parsed line until I know what it does. Really helps learn the obfu, too!

    require General::Disclaimer;

    All code, unless otherwise noted, is untested

    "All it will give you though, are headaches after headaches as it misinterprets your instructions in the most innovative yet useless ways." - Maypole and I - Tales from the Frontier of a Relationship (by Corion)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: monkdiscuss [id://393292]
Approved by Old_Gray_Bear
Front-paged by grinder
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (4)
As of 2024-04-19 21:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found