stupid newbie question

Ron Stanions (chaeon@roc.clawpaw.com)
Thu, 8 Feb 1996 22:22:22 PST
Messages sorted by:[ date ][ thread ][ subject ][ author ]
This might be a problem for other M*'s but it is not a problem for =
MOO's.  MOO's have no access to the file system except for the loading =
and dumping of the database core, which is fixed and unchangable at the =
time of loadup. Its only other connection mechanisms are the IP listener =
ports to which it is assigned, and if you have the appropriate #define =
enabled in the options.h file uncommented, then it will allow outbound =
connections, which are typically used for sending mail back to the users =
and/or connections to other moo's or other services.  As long as you =
don't have allow outbound connections uncommented in options.h, then =
there is no way for a stock unmodified MOO server to be used for =
security breakins of any sort that I can concieve.

If she's really that worried, then you could always set the MOO up to =
run under an ordinary account, (any standard user account, it does not =
need root access to execute, though it may need a special kind of IP =
port permission depending on the unix permissions and securities in =
effect on your site.)  and if you did want to run it under root access, =
(for no reason I could give you except perhaps for IP port restrictions =
needing root access on some machines when using a port number above =
1023) you can always set it up using the chroot command to guarantee no =
access to any other part of the filesystem as well.  (Tho linux doesn't =
seem to have a 'chroot' command one could be whipped up in five minutes =
by your average C programmer.  MOO doesn't require any external programs =
to run, it's completely self contained.

----------
From:  Bill Lantry[SMTP:wfl38@sruvm.sru.edu]
Sent:  Thursday, February 08, 1996 11:37 PM
To:  MOO-Cows@parc.xerox.com
Subject:  stupid newbie question

OK, first message. I'm setting up a MOO. One member
of the CS dept is in strong opposition... very strong...
what can I do to

politically: quiet her fears

Technically: make the MOO secure

she's worried about breakins... and says MOOs are notorious
among sysops as security nightmares. After months of work
on my part to get the server acquired and running, she wants
it shut down and banned.

ps. it's running BSD with the Lambda core...

Thanks,

Bill

***********************************************************************

Dr. William F. Lantry
Chair, Educational Technology Committee
Department of English