PerlMonks  


First of all, thanks to everyone for all these deobfuscation spoilers! But I must say I was surprised to see my code labeled "Malicious" when that was never the intention.

And yes, it's true that my Module::AutoLoad code was removed from CPAN, which suddenly broke everyone attempting to utilize it, but Andreas restored it back. Sorry for those several hours of downtime last night.

Also, I named it botstrap because it acts sort of like bootstrap but is shorter and sounds more like hookbot of course.

Hopefully it will help if I walk through the hello_app.cgi example. You'll notice how it still works even if CGI::Ex isn't actually installed. Check out my console:

    $ perl -MCGI::Ex -e ''
    Can't locate CGI/Ex.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
    BEGIN failed--compilation aborted.
    $ perl hello_app.cgi
    Content-Type: text/html
    Hello World!
    $

So while this actually functions fine for most uninstalled CPAN module dependencies, it doesn't actually "install" the module. It simply copies the code from CPAN into your local ./lib/* folder. (That's the reason modules with XS code can't work with this.)

The entire purpose is NOT to have to install anything and your Perl script can simply use the CPAN modules desired and it will just work automagically. So in order to minimize the amount of work for the super lazy, I wanted my snippet paste to be small enough to be worth bothering to do. That's why I decided to use TCP network to download the actual code that does the work to install the modules.

But I frankly agree that it's generally NOT a good idea to run strings you get from sockets that you don't have total control over. So if you don't trust me, you should only try this in a throw-away Virtual Machine or some kind of more controlled environment. USE AT YOUR OWN RISK! I think that Grinnz probably said it best in his response, "while this approach might work fine for you it is not suitable to recommend to others".

So the moral is that if you are someone that trusts me, then you may continue to use my code if you want, and it will probably work fine, but just know that it could be dangerous or something could malfunction. Of course, I feel safe using it for my own stuff because I know how everything works and because I control all the endpoints it goes through and I know I will never put anything nefarious in it and I was just wanting to be helpful for others.

Again, I'm sorry if this code caused any fear or frustration or confusion for anyone. Feel free to let me know if you have any questions or suggestions about anything. Happy to spray out more spoilers for fellow Monks!


In reply to Re: Malicious module on CPAN by hookbot
in thread Malicious module on CPAN by choroba
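
The risk the post names, running a string received from a socket, can be narrowed by pinning a digest of the reviewed code and refusing to eval anything else. The following is an added example, not part of the original post and not the Module::AutoLoad code; the payload is constructed inline, and `eval_if_pinned` and `greet` are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed stand-ins for the bytes a loader would read from a socket.
# Nothing in this example is fetched from the network.
my $reviewed = qq{sub greet { return "Hello World!" }\n1;\n};
my $tampered = $reviewed . qq{# extra line appended after review\n};

# Digest recorded at review time and committed alongside the script.
# (Computed here only so the example is self-contained.)
my $PINNED_SHA256 = sha256_hex($reviewed);

# Compile $code only if it is byte-for-byte what was reviewed.
# Returns 1 on success; dies without evaluating anything otherwise.
sub eval_if_pinned {
    my ($code, $pinned) = @_;
    my $got = sha256_hex($code);
    die "refusing to eval: sha256 $got does not match pin\n"
        unless $got eq $pinned;
    my $ok = eval $code;
    die "pinned code failed to compile: $@" unless $ok;
    return 1;
}

# The reviewed payload is accepted and its sub becomes callable.
eval_if_pinned($reviewed, $PINNED_SHA256);
print main::greet(), "\n";

# Any change to the payload, however small, is rejected before eval.
my $accepted = eval { eval_if_pinned($tampered, $PINNED_SHA256) };
print "tampered payload rejected: $@" unless $accepted;
```

A pin only protects the code that was actually reviewed: every upstream change requires a new review and a new digest, and anything the evaluated code downloads afterwards is outside the check.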
