Re: Security... and stuff

• Date: Thu, 18 Jul 1996 13:32:34 PDT
• From:
  Richard Godard <janus@cam.org>
• Content-Type: text/plain; charset="us-ascii"
• In-Reply-To: <199607181854.OAA25167@rabbit.INS.CWRU.Edu>

At 10:54 -0800 7/18/96, Seth I. Rich wrote:
>>Just wondering, but I know of people who /insist/ that it's not even okay to
>>have a permission check using 'player' in a -x, command line verb. There
>>isn't any way to hack the player variable in a -x verb is there? What are
>>they talking about?
>
>This is, in fact, true.  Up to LambdaMOO 1.8, it was guaranteed that a !x
>command was executed by "player".  LambdaMOO 1.8 introduced a server builtin
>called `force_input()' which now allows wizards to "spoof" commands by other
>players in an undetectable fashion.

Note: wizard and the player itself... which introduce a whole range of new
and fancy security holes.... enjoy :)

• Re: Security... and stuff
• From: <thomas@xs4all.nl>

• Re: Security... and stuff
• From: "Seth I. Rich" <sir@po.cwru.edu>

• Prev: Re: Security... and stuff
• Next: RE: Security... and stuff
• Index: MOO-cows
• Thread: MOO-cows