MOO-cows Mailing List Archive

Source-level debugger and security



Hello...

(This is the last of the MOO-Cows mailings I've been saving up for a
moment of free time...)

I was interested in hearing assessments of security issues raised by
two features in the source-level debugger.  Being anything but an
expert in MOO security, I took the conservative path and
wizard-restricted these features.  I have been asked since then,
however, if this is really necessary.  

The first feature I felt might pose a security problem is the
set_task_debug() built-in function.  This allows the caller to change
the +d/-d state of any given executing task *in any stack frame*, not
just the "top-most" one.  It can be used on itself or on any suspended
task.  It is currently wizard-restricted because I felt nervous with
any less stringent level of security.  I was wondering if anyone can
rationalize my paranoia or suggest that it is unfounded.

The second feature that I felt raised security issues is the ability
to mutate or undefine a variable in any frame of a suspended task or
in the current task.  This clearly raises many significant security
issues.  My question is if anyone can create a less stringent security
check which is still sufficient to prevent the sort of nastiness that
could arise when wizard-owned code calls player-owned code which uses
this built-in?

Finally, for those interested in experimenting with the SLD patch but
who are not interested in writing lots of MOOcode using the interface
it provides, sources suggest that a "$debug", based on a LambdaCore
generic editor, is in the final stages of preparation...

Thank you,

--Nick Ingolia
ingolia@mit.edu
