MOO-cows Mailing List Archive
Re: [SECURITY] the basics? (was Re: force_input() and $do_command())
At 6:28 -0800 7/7/96, Eric Mercer wrote:
>At 02:41 AM 07/07/96 PDT, Richard Godard wrote:
>>When you have a -x command, and that you expect the user of the command to
>>have it defined on one of his/her ancestors, a simple check like:
>>if (player != this)
>>NEVER HURT... the lack it (as Gustavo showed it) can result in a big mess...
>Shark frenzy! This one will hurt when your fellow wizard, who is not so
>bright when it comes to security, sets the verb +x and suddenly "player" is
>vulnerable. However, using:
Well as stated on the first line: WHEN YOU HAVE A -X COMMAND/VERB...
Then if fellow wizard is clueless enough to do that with +x commands...
then maybe the clueless wizard might want to read your paper about MOO
security? (Eric, could you bring light to the masses and remind us of the
> return player:notify(E_PERM);
>will work if the verb is +x or -x so you might as well use that instead.
>The consequences of security holes in verbs on user characters is usually
>sufficiently nasty that it's best to use every opportunity to guard.
Of course, of course... But I'm tempted to say:
Shark frenzy! This one will hurt when your fellow wizard, who is not so
bright when it comes to security, sets the verb +x and suddenly the
set_task_perms(player) that is a few line bellow can be fooled... (because
if it's +x && (caller == this) && (player != caller) your
fellow-not-so-bright-wiz will get a bad suprise is the verb is defined on a
public player class and that this == name_your_favortite_chacker)
We could argue at length about using set_task_perms(this) rather than
But I will just quote my first mail:
>Also in a +x verb not called by the server directly, you should rely on the
>caller_perms() for security not the value of player.
I would add that if the verb is +x and intended to be called by both the
server (as a command) and other verbs then it's up to you to make a proper
security check that will make the difference between a server call and a
in-db verb call...
Janus (two faces, one always looking in the back)
Subject Index |