MOO-cows Mailing List Archive


Re: Connection Redirection?

Ranalou <> writes:
>Okay, here's a silly question then-
>Say I were to implement a verb on myself, @wiz, which of course is 
>wizard-owned and it's sole purpose is to toggle my wizbit.  Save for a 
>few minor things (like @chown, for example), shouldn't this allow me to 
>fully function as a wizard?  Why play with output redirection and 
>'su'-like commands?  I forsee being unable use any verbs written on the 
>wizard player-class, and a potential for a breach in security.  My 
>questions are how inconvenienced would I truly be by not being able to 
>execute those verbs, and how potentially large of a security hole could I 
>open up?

This won't work well.  All the verbs that you own will toggle back and
forth as wiz-privileged as you do.  Which could mean that you will open
a security hole as you enter wiz mode.  But certainly, any verbs you
write that require wiz privileges will cease to function as soon as
you have toggled your wizard bit off.


Tom Ritchford,

Verge's "Little Idiot" -- Music for the mentally peculiar.


Home | Subject Index | Thread Index