MOO-cows Mailing List Archive

[Prev][Next][Index][Thread]

Re: callers() intensity



At 01:56 PM 6/10/96 PDT, you wrote:
>So I am looking at the following verb, which I haven't yet put on
>LambdaMOO's $perm_utils.  (It's written for 1.7.9p2, with obvious
>leanings towards 1.8.0p5 once available.)

Thank god!  I'd suggest always raising the error in the 1.8.0p5 code, and
letting them catch it.  None of this 'be gentle' crap. :)

>>":standard_permission_check( [BE GENTLE WITH ME] )";
>>"Usage:";
>>"  $<something>:standard_permission_check()";
>>"    or";
>>"  if (!$<something>:standard_permission_check(1))";
>>"    return E_PERM;";
>>"  endif";
>>"... this function may be used to REPLACE the commonly-used permissions
check";
>>"  if (caller == this || $perm_utils:controls(caller_perms(), this)";
>>"    return E_PERM;";
>>"  endif;";
>>"if BE GENTLE WITH ME is provided and true,then E_PERM will be -returned- if
>>the permission check fails, otherwise E_PERM is -raised-.";

>There's tick wastage 'cause of the comments at the top, but I can fix that
>by putting the documentation somewhere else and by tightening some code.

(side note) On E_MOO, we can put documentation at the bottom prefixed by
"DOCUMENTATION"; and $verb_help picks it up.

>What I wonder about is how CPU-intensive a call to callers() is.  Is a
>routine like this hard on the server?  I'd heard in past that callers() is
>ucky, so before I install this and encourage its use (in a slightly
>different form) I'd like to know if I'm doing a Bad Thing.

You can probally get away with passing the value of caller_perms() and
caller to this method, which will then do the checks (and more, if you so
desire).
Note that 'this' is avaiable to your verb as the value of caller.

Because of the in-db parser on E_MOO, every method has to be +x, but we also
want security, and we want to allow pass()ing, so I came up with a construct
like this that you prefix methods that would be !x normally:

$perm_utils:secure_caller(caller)
or it's optional form:
$perm_utils:secure_caller(caller, {list of objects you trust})
 (and I know, I reprogrammed 90% of E_MOO with a big security hole that was
picked up by this... I'm getting around to fixing it, so I don't want any
shit about it -- You know who you are!)

Anyway, what I'm getting at is this:

$<something>:standard_permissions_check(caller_perms(), caller)
/* (1.8.0p5 code) */
{cp, trying} = args;
if (trying == caller || $perm_utils:controls(cp, caller))
  return 1;
else
  raise(E_PERM);
endif

This way, while you do need to remember to pass the correct values, I'm sure
that pushing caller and the result of caller_perms() onto the stack is much
cheaper than a single call to callers().  Of course, this also means you
have to trust the arguments you are getting instead of directly examining
callers().  Ideally, passing the correct arguments should not be a problem
(but you never know).
Mmmh.. calling :standard_permissions_check is just as much typing as the if
clause.  Of course, if you needed tighter security, you could always
reprogram my :standard_security_check to examine callers() to get the
values.  Passing them saves a call to callers() though, if that is what you
are wanting to do without.

Andy.




Home | Subject Index | Thread Index