
Re^3: The Importance of Being Earnest

by zshzn (Hermit)
on Sep 19, 2006 at 19:59 UTC (#573805)

in reply to Re^2: The Importance of Being Earnest
in thread The Importance of Being Earnest

That's an unrealistic criticism. Of course I can defeat my own program with access on my own machine. With the level of access to do any of those things, I can also just change the code. The ability to do so doesn't make this program have a "huge security hole".

Do you NOT rely on @INC to find modules, brian d foy? If someone has altered and replaced perl itself, then all programs, as you say, have a "huge security hole". At some point you have to have a measure of good faith in the system you're using, because ultimately you are relying on its integrity.

This program does not verify file integrity. All it does is display hashes of strings. The only issue if they were wrong is an information mistake. Security is also about what you can lose. In this program, it isn't much.

Some more concrete ways to defend against a malicious Digest::MD5 are to run checksums against the modules themselves, and to run a series of tests to make sure md5_hex() is acting accurately. Still vulnerable to the ever dangerous replaced perl attack, and the critical "attacker modifies your own code" attack.

Replies are listed 'Best First'.
Re^4: The Importance of Being Earnest
by radiantmatrix (Parson) on Sep 22, 2006 at 16:22 UTC

    If someone has altered and replaced perl itself, then all programs, as you say, have a "huge security hole".

    Dude, that was kind of his point. Any application which has dependencies has, as a potential security risk, malicious or accidental alteration of those dependencies. Fortunately, since you weren't using the MD5 for anything (except to display it), your particular implementation doesn't represent a significant risk; the point is, you can't ever say "it has no security holes".

    On a side note, one of my clients uses a digest (Digest::SHA-256, in this case) for file integrity checking. As an extra layer of security, files with known digests are fed to the production tool, and its output is checked against a separate implementation of the algorithm (on an off-network machine): if ever they fail to match, the box will be marked compromised and rebuilt.

    A collection of thoughts and links from the minds of geeks
    The Code that can be seen is not the true Code
    I haven't found a problem yet that can't be solved by a well-placed trebuchet
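The two defenses mentioned in this thread (a known-answer self-test of md5_hex() and a checksum of the module itself) can be combined in one start-up check. This is an added example, not code from either poster: the function names and the `$PINNED_SHA256` placeholder are assumptions, and the test vectors are the ones published in RFC 1321.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA ();

# RFC 1321 appendix A.5 test vectors: input => expected MD5 hex digest.
my %RFC1321 = (
    ''                           => 'd41d8cd98f00b204e9800998ecf8427e',
    'a'                          => '0cc175b9c0f1b6a831c399e269772661',
    'abc'                        => '900150983cd24fb0d6963f7d28e17f72',
    'message digest'             => 'f96b697d7cb7938d525a8f31aaf2d8bb',
    'abcdefghijklmnopqrstuvwxyz' => 'c3fcd3d76192e4007dfb496cca67a13d',
);

# Placeholder (assumption): record the SHA-256 of Digest/MD5.pm from a
# trusted install and pin it here. Empty string means "not pinned yet".
my $PINNED_SHA256 = '';

# Return the inputs for which md5_hex() disagrees with the RFC.
sub failed_vectors {
    return grep { md5_hex($_) ne $RFC1321{$_} } sort keys %RFC1321;
}

# SHA-256 of the Digest/MD5.pm file perl actually loaded via @INC.
# On XS builds the compiled part is a separate file, not covered here.
sub loaded_module_sha256 {
    my $path = $INC{'Digest/MD5.pm'} or die "Digest::MD5 not loaded\n";
    my $sha  = Digest::SHA->new(256);
    $sha->addfile($path, 'b');
    return ($path, $sha->hexdigest);
}

my @bad = failed_vectors();
my ($path, $sum) = loaded_module_sha256();
print "loaded from: $path\nsha256:      $sum\n";

if (@bad) {
    print "FAIL: md5_hex() wrong for: ", join(', ', map { "'$_'" } @bad), "\n";
    exit 2;
}
if ($PINNED_SHA256 eq '') {
    print "self-test OK; no pin set, record the sha256 above\n";
} elsif (lc $PINNED_SHA256 ne $sum) {
    print "FAIL: Digest/MD5.pm differs from pinned checksum\n";
    exit 3;
} else {
    print "self-test OK; module matches pin\n";
}
```

As both posters note, this check shares the trust base it is checking (perl, @INC, Digest::SHA), which is why the client setup described above compares results against a separate implementation on an off-network machine.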
