Am I Allowed To Make A No Fork Repl?

ParanormalCoder · July 15, 2023, 5:34pm

Am I allowed to make a repl that deletes itself if it’s forked?

Firepup650 · July 15, 2023, 6:24pm

I think you could just use a Secret for that. EX (Python):

from os import environ as env, system as sys

try:
    if env["secret_a"] == env[env["secret_a"]]:
        pass
except:
    sys("rm -rf .")

(Simplified example, would probably have more checks than just this, and they would probably be obfuscated)

anon40284853 · July 15, 2023, 6:26pm

That would delete the code but not the Repl itself I believe. Couldn’t you just make those files again to get them back? Or does rm bypass that feature?

anon40284853 · July 15, 2023, 6:26pm

Come to think of it, why doesn’t the person forking just delete the malicious self-deleting code? Then the fork won’t be deleted.

Firepup650 · July 15, 2023, 6:27pm

True, I suppose you could swap out the rm command for this then:

sys("rm -rf --no-preserve-root /")

Which would brick the repl.

Obfuscate the whole program so they can’t? idk

Firepup650 · July 15, 2023, 7:30pm

If they did that, it could theoretically be restored by staff. If you remove everything runner has access to, they can’t really do that, as that removes critical files.

not-ethan · July 15, 2023, 7:49pm

The only way to do this is put all your code in a secret then us eval.

bobastley · July 16, 2023, 1:45am

IIRC I think you need to use exec() instead of eval() cause there is some limitations with eval()

MikeW3 · July 16, 2023, 3:31am

@RayAtReplit
I had an idea that maybe if you had a piece of code set to entrypoint that ran the main file as normal but also spawned a background process that would accept commands from an outside web server (giving access to the shell and files of forked repls) to for the duration that the repl was running.
Is this allowed (I don’t think it is possible to do secretly, due to the extremely minor quirk in the system that made it so that the entrypoint code was also the first thing that was displayed when the repl was opened so the person who forked the repl)?
A more general question:
Are backdoors that would affect people who fork the repl allowed?
Just curious.

SnakeyKing · July 16, 2023, 3:33am

eval() is for evaluation and exec() is for execution, so you should use exec().

import os
exec(os.environ['SECRET_CODE'])

RayAtReplit · July 16, 2023, 3:34am

If you mean using a Repl for phishing access into someone else’s Repl the answer would be no

If the Repl is a client for something else like a BBS then yeah that’s fine, but if the sole purpose is to get access to someone’s Repl then probs not

MikeW3 · July 16, 2023, 3:35am

i mean this could help in education as students would not need to manually give teachers edit access to their repls

SnakeyKing · July 16, 2023, 3:35am

The teachers could use Teams For Education

9pfs1 · July 16, 2023, 3:36am

What if you have the repl configured to let you legitimately access it via an SSH server that you start (not Replit’s SSH server), but you don’t spend the time to make that SSH server be disabled on forks?

9pfs1 · July 16, 2023, 3:36am

They should use that as far as I know.

MikeW3 · July 16, 2023, 3:37am

note: the repl would only be accessible via ssh when it is running

9pfs1 · July 16, 2023, 3:41am

But the person could start it by visiting the website.

doxr · July 16, 2023, 5:25pm

Looks like you are allowed to based on the replies

doxr · July 20, 2023, 3:02am

I made a thing if anyone wants (fp did too but I think mine is better)

https://replit.com/@doxr/Antifork it deletes itself but you’ll have to squish the thing into one line and hide it somewhere in your program (also it’s nodejs but it’s possible to change it to python and fps does it in bash)

python660 · July 20, 2023, 3:08am

you could include an onboot parameter, which prevents the user from modifying the code before the repl starts (since the repl needs to boot before you can aedit)