Front page | perl.perl5.porters |
Postings from March 2023
From: zefram via perl5-porters
March 1, 2023 03:51
Message ID: firstname.lastname@example.org
This is a bug report for perl from email@example.com,
generated with the help of perlbug 1.43 running under perl 5.37.9.
<!--[Please describe your issue here]-->
The pod/perlfilter.pod document says "The original purpose of source
filters was to let you encrypt your program source to prevent casual
piracy.". The likening of copyright infringement to nautical hijacking is
wildly hyperbolic. Perl should not be spreading this line of tendentious
misinformation. Even without the hyperbole, it's misleading to say
that program encryption is aimed at preventing copyright infringement:
it doesn't actually impede copying of the whole file. The things it
really impedes are the understanding and editing of the program, which are
actions that are at most only loosely connected to copyright infringement.
I suggest that the word "piracy" should be replaced with "reading",
which is both a more neutral term and a more accurate description of what
program encryption impedes. There's also a similar problem with the word
"cracker" later in the document.
The document also understates how fundamental it is that program
encryption can't fully prevent access to the real source code.
The patch below fixes all of these problems. I see that the bug report
template has acquired some unfamiliar character sequences, which I
suspect is meant to make the bug report a document in some kind of markup
language. But since there's nothing (in the template or in perlbug(1)'s
output) specifying what language that might be, I'm not attempting to
engage with it. It's entirely likely that the patch would cause mayhem,
or at least render in a very broken way, if interpreted as markup.
This bug report, in the form in which I'm sending it, is nothing more
than plain ASCII text.
--- a/pod/perlfilter.pod 2023-03-01 02:58:11.023713244 +0000
+++ b/pod/perlfilter.pod 2023-03-01 03:40:31.954487800 +0000
@@ -12,7 +12,7 @@
The original purpose of source filters was to let you encrypt your
-program source to prevent casual piracy. This isn't all they can do, as
+program source to prevent casual reading. This isn't all they can do, as
you'll soon learn. But first, the basics.
@@ -205,18 +205,17 @@
All decryption filters work on the principle of "security through
obscurity." Regardless of how well you write a decryption filter and
how strong your encryption algorithm is, anyone determined enough can
-retrieve the original source code. The reason is quite simple - once
-the decryption filter has decrypted the source back to its original
-form, fragments of it will be stored in the computer's memory as Perl
-parses it. The source might only be in memory for a short period of
-time, but anyone possessing a debugger, skill, and lots of patience can
-eventually reconstruct your program.
+retrieve the original source code. The reason is quite simple:
+in order to execute your program Perl must parse its source code.
+This means that Perl must have all the information needed to decrypt
+your program, and that means that that information is also available to
+anyone able to run the program.
That said, there are a number of steps that can be taken to make life
-difficult for the potential cracker. The most important: Write your
+difficult for the potential reader. The most important: Write your
decryption filter in C and statically link the decryption module into
the Perl binary. For further tips to make life difficult for the
-potential cracker, see the file I<decrypt.pm> in the source filters
+potential reader, see the file I<decrypt.pm> in the source filters
<!--[Please do not change anything below this line]-->
Site configuration information for perl 5.37.9:
Configured by zefram at Wed Mar 1 02:31:43 GMT 2023.
Summary of my perl5 (revision 5 version 37 subversion 9) configuration:
uname='linux barba.rous.org 5.10.0-21-amd64 #1 smp debian 5.10.162-1 (2023-01-21) x86_64 gnulinux '
config_args='-des -Dprefix=/home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52 -Duselargefiles -Dusethreads -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib -Dusedevel -Uversiononly -Ui_db'
ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
Linker and Libraries:
ldflags =' -fstack-protector-strong -L/usr/local/lib'
libpth=/usr/local/lib /usr/lib/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib
libs=-lpthread -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
perllibs=-lpthread -ldl -lm -lcrypt -lutil -lc
lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector-strong'
@INC for perl 5.37.9:
Environment for perl 5.37.9:
by zefram via perl5-porters