Unix/Linux Go Back    

RedHat 9 (Linux i386) - man page for filter::decrypt (redhat section 3)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

decrypt(3)		       User Contributed Perl Documentation		       decrypt(3)

       Filter::decrypt - template for a decrypt source filter

	   use Filter::decrypt ;

       This is a sample decrypting source filter.

       Although this is a fully functional source filter and it does implement a very simple
       decrypt algorithm, it is not intended to be used as it is supplied. Consider it to be a
       template which you can combine with a proper decryption algorithm to develop your own
       decryption filter.

       It is important to note that a decryption filter can never provide complete security
       against attack. At some point the parser within Perl needs to be able to scan the original
       decrypted source. That means that at some stage fragments of the source will exist in a
       memory buffer.

       Also, with the introduction of the Perl Compiler backend modules, and the B::Deparse mod-
       ule in particular, using a Source Filter to hide source code is becoming an increasingly
       futile exercise.

       The best you can hope to achieve by decrypting your Perl source using a source filter is
       to make it unavailable to the casual user.

       Given that proviso, there are a number of things you can do to make life more difficult
       for the prospective cracker.

       1.   Strip the Perl binary to remove all symbols.

       2.   Build the decrypt extension using static linking. If the extension is provided as a
	    dynamic module, there is nothing to stop someone from linking it at run time with a
	    modified Perl binary.

       3.   Do not build Perl with "-DDEBUGGING". If you do then your source can be retrieved
	    with the "-Dp" command line option.

	    The sample filter contains logic to detect the "DEBUGGING" option.

       4.   Do not build Perl with C debugging support enabled.

       5.   Do not implement the decryption filter as a sub-process (like the cpp source filter).
	    It is possible to peek into the pipe that connects to the sub-process.

       6.   Check that the Perl Compiler isn't being used.

	    There is code in the BOOT: section of decrypt.xs that shows how to detect the pres-
	    ence of the Compiler. Make sure you include it in your module.

	    Assuming you haven't taken any steps to spot when the compiler is in use and you have
	    an encrypted Perl script called "myscript.pl", you can get access the source code
	    inside it using the perl Compiler backend, like this

		perl -MO=Deparse myscript.pl

	    Note that even if you have included the BOOT: test, it is still possible to use the
	    Deparse module to get the source code for individual subroutines.

       7.   Do not use the decrypt filter as-is. The algorithm used in this filter has been pur-
	    posefully left simple.

       If you feel that the source filtering mechanism is not secure enough you could try using
       the unexec/undump method. See the Perl FAQ for further details.

       Paul Marquess

       19th December 1995

perl v5.8.0				    2003-01-27				       decrypt(3)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 01:20 PM.