On Tue, May 24, 2011 at 6:10 AM, Michael Wood <[email protected]> wrote:
> http://thedailywtf.com/Articles/Disgruntled-Bomb-Java-Edition.aspx
>
> user=> (import '(dont.try_this.at_home ValueMunger))
> nil
> user=> (.start (ValueMunger.))
> nil
> user=> (def a 1)
> #'user/a
> user=> a
> 1
> user=> a
> java.lang.Exception: Unable to resolve symbol: b in this context
> (NO_SOURCE_FILE:0)
> a
> 2
>
> a
> 1
> user=> a
> java.lang.Exception: Unable to resolve symbol: b in this context
> (NO_SOURCE_FILE:0)
> user=> a
> #<core$_STAR___3341 clojure.core$_STAR___3341@37a001ff>
> user=> a
> 1
> user=> a
> 1
> a
> java.lang.Exception: Unable to resolve symbol: b in this context
> (NO_SOURCE_FILE:42)
> user=> a
> java.lang.Exception: Unable to resolve symbol: b in this context
> (NO_SOURCE_FILE:2)
> user=> a
> 2
> a
> java.lang.Exception: Unable to resolve symbol: b in this context
> (NO_SOURCE_FILE:0)
> user=> a
> 2
> user=> a
> 42
> a
> java.lang.Exception: Unable to resolve symbol: b in this context
> (NO_SOURCE_FILE:0)
I bet you could get up to some serious dickens in Clojure with this.
For starters, (alter-var-root #'clojure.core/map (constantly
evil-map)), and similarly, buried near the bottom of a random source
file where it's likely to go un-noticed for a while. Or even tucked
inside a function that gets called somewhat infrequently ... You could
also exploit polymorphism. Substitute atoms for all refs and you'll
get subtle concurrency bugs (remember my example code the other day?)
and as long as you make alter and commute resolve to swap as well as
ref to atom ... Most of the stuff at that article has some analogue.
For instance, substitute your own version of the locking macro that
calls monitorexit only 99% of the time ... some stuff locks up, then
deadlock, eventually. Or just do it without try/finally and watch as
exceptions eventually cause the accumulation of stale locks. Of course
these won't hurt code that relies exclusively on Clojure's own
constructs, which is where dicking with ref comes in ... And of course
you can use reflection and setAccessible to play havoc with not only
those Integer constants but some of the others, interned strings,
keywords, vars, symbols, namespaces, PersistentHashMap$EMPTY, etc.,
etc., etc. ...
=> (empty {:foo 42})
{:f--- :you!}
=>
Then there's always
(if (zero? (rand-int 100000))
(doto (JFrame.)
(=> (.getContentPane)
(.add
(JLabel.
(ImageIcon.
(ImageIO/read
(ByteArrayInputStream.
(byte-array [0x3d 0x4f 0x97 0x...])))))
BorderLayout/CENTER))
(.pack)
(.setVisible true))
(do-something-normal-instead))
where you programmatically generate the byte vector literal from
goatse or some other NSFW JPEG and then paste it in. Bonus points if
the evil company you used to work for makes educational software or
something. One disgruntled employee? One thousand disgruntled
customers and probably lawsuits. Maybe even a visit by the cops.
Amazingly, one thing I didn't see suggested was any variation on the theme of
(in occasionally-called function)
(if (zero? (rand-int 1000000)) (System/exit 127) (whatever should go here))
Nothing, and I mean NOTHING, is harder to debug than a silent abort
with no stacktrace or other diagnostic message!
--
Protege: What is this seething mass of parentheses?!
Master: Your father's Lisp REPL. This is the language of a true
hacker. Not as clumsy or random as C++; a language for a more
civilized age.
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
