MOO-cows Mailing List Archive

RE: stupid newbie question

Date: Thu, 8 Feb 1996 22:22:22 PST
From:
Ron Stanions <chaeon@roc.clawpaw.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"

This might be a problem for other M*'s but it is not a problem for MOO's.  MOO's have no access to the file system except for the loading and dumping of the database core, which is fixed and unchangable at the time of loadup. Its only other connection mechanisms are the IP listener ports to which it is assigned, and if you have the appropriate #define enabled in the options.h file uncommented, then it will allow outbound connections, which are typically used for sending mail back to the users and/or connections to other moo's or other services.  As long as you don't have allow outbound connections uncommented in options.h, then there is no way for a stock unmodified MOO server to be used for security breakins of any sort that I can concieve.

If she's really that worried, then you could always set the MOO up to run under an ordinary account, (any standard user account, it does not need root access to execute, though it may need a special kind of IP port permission depending on the unix permissions and securities in effect on your site.)  and if you did want to run it under root access, (for no reason I could give you except perhaps for IP port restrictions needing root access on some machines when using a port number above 1023) you can always set it up using the chroot command to guarantee no access to any other part of the filesystem as well.  (Tho linux doesn't seem to have a 'chroot' command one could be whipped up in five minutes by your average C programmer.  MOO doesn't require any external programs to run, it's completely self contained.

----------
From:  Bill Lantry[SMTP:wfl38@sruvm.sru.edu]
Sent:  Thursday, February 08, 1996 11:37 PM
To:  MOO-Cows@parc.xerox.com
Subject:  stupid newbie question

OK, first message. I'm setting up a MOO. One member
of the CS dept is in strong opposition... very strong...
what can I do to

politically: quiet her fears

Technically: make the MOO secure

she's worried about breakins... and says MOOs are notorious
among sysops as security nightmares. After months of work
on my part to get the server acquired and running, she wants
it shut down and banned.

ps. it's running BSD with the Lambda core...

Thanks,

Bill

***********************************************************************

Dr. William F. Lantry
Chair, Educational Technology Committee
Department of English

Prev: Re: stupid newbie question
Next: Re: stupid newbie question
Index: MOO-cows
Thread: MOO-cows

Home | Subject Index | Thread Index