[SECURITY] the basics? (was Re: force_input() and $do_command())

• Date: Sun, 7 Jul 1996 17:03:49 PDT
• From:
  Judy Anderson <yduj@cs.stanford.edu>
• cc: MOO-Cows.PARC@xerox.com
• In-Reply-to: "Richard Godard's message of Sun, 7 Jul 1996 02:41:44 PDT <v03007600ae0532bb993c@[128.18.20.118]>"
• Posted-Date: Sun, 7 Jul 1996 17:03:49 -0700 (PDT)

   Date: Sun, 7 Jul 1996 02:41:44 PDT
   From: Richard Godard <janus@cam.org>

   Some food for thought: it's not because caller_perms() are not valid that
   it's safe to set_task_perms(player). (Those who laugh hand have not fixed
   their $root_class:huh lose 1 clone :)

I'm confused.  $root_class:huh is 
 1:  set_task_perms(valid(caller_perms()) ? caller_perms() | player);
 2:  $command_utils:do_huh(verb, args);

I think this is safe.  If you think it unsafe, under what
circumstances can it be called other than by "player"'s typing a
command line, and what would you recommend as a security check?
Thanks.

      Judy Anderson yclept yduJ          'yduJ' rhymes with 'fudge'
 yduJ@cs.stanford.edu (personal mail)   yduJ@harlequin.com (work-related)
	Join the League for Programming Freedom, lpf@uunet.uu.net

• Re: [SECURITY] the basics? (was Re: force_input() and $do_command())
• From: Richard Godard <janus@cam.org>

• [SECURITY] the basics? (was Re: force_input() and $do_command())
• From: Richard Godard <janus@cam.org>

• Prev: [SECURITY] the basics? (was Re: force_input() and $do_command())
• Next: Re: [SECURITY] the basics? (was Re: force_input() and $do_command())
• Index: MOO-cows
• Thread: MOO-cows