MOO-cows Mailing List Archive


Re: Security... and stuff

>Just wondering, but I know of people who /insist/ that it's not even okay to
>have a permission check using 'player' in a -x, command line verb. There
>isn't any way to hack the player variable in a -x verb is there? What are
>they talking about?

This is, in fact, true.  Up to LambdaMOO 1.8, it was guaranteed that a !x
command was executed by "player".  LambdaMOO 1.8 introduced a server builtin
called `force_input()' which now allows wizards to "spoof" commands by other
players in an undetectable fashion.  While before, a security hole (wizardly
or not) had limited (although perhaps fatal) ways to be abused, now a hole
which permits arbitrary evals can do -anything- the cracked player can do,
and can do it undetectably.

That aside, however, this is easily patchable.  If your MOO has a 
$server_options object (which it probably does), add the property 
"protect_force_input" and give it a true value.  Then add as a callable
verb #0:bf_force_input which contains only the line `raise(E_PERM);'.
This hole will be patched, and only may be abused by wizards who do so

In general, however, !x verbs are sufficiently secure that "player" may
be used.  The force_input() considerations don't come into play that
frequently -- only for super-paranoid secure systems.

Seth I. Rich -
                                 There is nothing more precious than
Rabbits on walls, no problem.    a tear of true repentance.

