MOO-cows Mailing List Archive


Re: Means of gathering data

>> Please note that this verb, and many others in this dump, are insecure.
>> They are +x and check whether the 'player' is a wizard - not a good
>> combination!
>Please explain to me the nature of the insecurity.  To me, it seems fine--
>'player' is the object number of the player who initiated the task
>that resulted in this code being run.  If that player's .wizard = 0 then
>they will get E_PERM.

Your assumptions are correct, but consider the following case: a malicious
programmer can do something like -

@verb me:tell tnt
@prog me:tell
if (player.wizard)
  fork (1);
    {object, verbname, newargs} = suspend();
return pass(@args);

Then, once somewiz tells him/her something, the programmer owns a suspended
task for which player.wizard is true. Next thing the programmer has to do is
resume() that task, passing it suitable arguments, e.g. {your-recorder,
"start", {}}.
There are simpler ways, but this one gives an idea of how such a malicious
programmer could keep one or many such tasks, to be used at will later on,
e.g. when said wizard is not online anymore.

>Is there some wiz-owned core code I don't know about that changes 'player'
>to a wizard then executes other verbs with impunity?  I would point to _that_
>code as being a security leak.


>I wanted the code to be +x so wizards could write code of their own that
>could call these verbs, and I checked .wizard because I wanted these things
>to be wiz-only, period.

Executable verbs should typically check what the caller_perms() are. There
are some treatises on verb security around, good reading any time. :)

Gustavo Glusman               Founder/administrator of BioMOO
-- BioMOO: telnet 8888
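
An added illustration, not part of the original post and written in Python rather than MOO: a small model of why a `player.wizard` guard on a +x verb passes when a non-wizard's verb runs inside a task that a wizard started, while a `caller_perms()` guard does not. The object names and the `Frame` model are assumptions, and only verb-to-verb calls are modelled.

```python
from dataclasses import dataclass

E_PERM = "E_PERM"

@dataclass(frozen=True)
class Obj:
    name: str
    wizard: bool = False

@dataclass(frozen=True)
class Frame:
    player: Obj        # who started the task; same for every verb in the task
    caller_perms: Obj  # whose permissions the calling verb runs with (its owner)

def guard_on_player(frame):
    # The check criticised in the thread: trusts whoever started the task.
    return "ok" if frame.player.wizard else E_PERM

def guard_on_caller_perms(frame):
    # The check the reply recommends: trusts only the code making the call.
    return "ok" if frame.caller_perms.wizard else E_PERM

def call_verb(guard, calling_verb_owner, task_player):
    # Model of one verb calling a +x verb protected by `guard`.
    return guard(Frame(player=task_player, caller_perms=calling_verb_owner))

# Constructed sample objects (hypothetical names).
WIZ = Obj("somewiz", wizard=True)
PROG = Obj("programmer")

def outcomes(guard):
    return {
        "wiz code in wiz task": call_verb(guard, WIZ, WIZ),
        "prog code in wiz task": call_verb(guard, PROG, WIZ),
        "prog code in prog task": call_verb(guard, PROG, PROG),
    }

if __name__ == "__main__":
    for guard in (guard_on_player, guard_on_caller_perms):
        print(guard.__name__, outcomes(guard))
```

The middle case is the one the reply describes: the two guards agree everywhere except when non-wizard code runs in a wizard's task.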
