MOO-cows Mailing List Archive


[SECURITY] the basics? (was Re: force_input() and $do_command())

   Date: Sun, 7 Jul 1996 02:41:44 PDT
   From: Richard Godard <>

   Some food for thought: it's not because caller_perms() are not valid that
   it's safe to set_task_perms(player). (Those who laugh hand have not fixed
   their $root_class:huh lose 1 clone :)

I'm confused.  $root_class:huh is 
 1:  set_task_perms(valid(caller_perms()) ? caller_perms() | player);
 2:  $command_utils:do_huh(verb, args);

I think this is safe.  If you think it unsafe, under what
circumstances can it be called other than by "player"'s typing a
command line, and what would you recommend as a security check?

      Judy Anderson yclept yduJ          'yduJ' rhymes with 'fudge' (personal mail) (work-related)
	Join the League for Programming Freedom,

Follow-Ups: References:

Home | Subject Index | Thread Index