Re: more questions

• Date: Sat, 22 Feb 1997 17:28:43 PST
• From:
  Chris Williams <psion@mv.mv.com>
• Content-Transfer-Encoding: 7bit
• Content-Type: text/plain; charset=us-ascii
• Organization: Unorganized
• References: <3.0.1.32.19970222170504.006b7c30@pop.kaiwan.com>

> >if ($perm_utils:controls (caller_perms(), this) && (player == this.owner))
> >
> >This one checks to see that the owner of the verb calling this:moveto()
> >has permissions for this object (i.e. the owner or a wizard) and that the
> >task that resulted in the verbcall was started by this object's owner.
> >
> >That way, my malicious :tell verb would fail to move the object.
> >
> True, but then the editor couldn't move you in either.
> ($generic_editor:suck_in is owned by hacker.) You could check to see if an
> editor is the one moving you, but then someone could just make their own
> child and use it to move you.
> Maybe you can go through all frames of callers and make sure that
> frame[5]==player... although that might not work either.

Maybe if you're really that paranoid, you should lock your computer in the 
closet and never turn it on (let alone put it on a <gasp> network).
After all, if somebody really wanted to move you, they could just hack into the 
server machine, stop the MOO server, steal the DB, erase all the backups, alter 
your location by hand in a text editor, re-upload the DB, and restart the 
server.

Then again, maybe the best solution is to drop a 2-ton safe on whoever is 
malicously moving you around.

-- 
                                  -Chris^`~'*.,_,.*'~`^P$iON-
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM/IT/M/S d-- s+: a15 C++++$ UL+ P L-- E? W++(+++) N+ o? K? w++++@
O--- M-- V- PS++ PE- Y+ PGP- t+ 5++ X+ R+ tv+ b++ DI+++ D+
G++ e* h! r y- 
------END GEEK CODE BLOCK------

• Re: more questions
• From: Brack <slayer@kaiwan.com>

• Prev: Re: more questions
• Next: Re: more questions
• Index: MOO-cows
• Thread: MOO-cows