MOO-cows Mailing List Archive


Re: Security... and stuff

On Sat, 20 Jul 1996, Kipp the Kidd wrote:

> At 03:02 AM 7/19/96 PDT, wrote:
> >Not just security holes.. Allowing players to call ;force_input on
> >themselves allows them to create a new kind of forkbomb, a hard to find
> >one. make a verb that calls force_input on yourself, calling that verb.
> >(Call force_input only once if you just want to see if it works, call it
> >twice or more if you want to see what happens to the server) You can't see
> >it in the forked list, and i don't think there is a way to kill the tasks
> >(yet ?) from within the server...
> Yes, there is.
> Disconnect the player.
Well, I haven't tried it but I'm guessing that this won't work.  One of the
main reasons that the .flush command was created is that in 1.8.0, when
players disconnect, their command queue stays around until it's empty.
So I doubt disconnecting them will do any good at all.  I'm also not sure
about doing a
  ;force_input(foo, connection_options(foo, "flush-command"))
like someone suggested since I think someone asked about that shortly after
the flush command was added and Pavel (?) said it wouldn't work.  Although
I wasn't paying real close attention to MOO-Cows back then and I could
be wrong.
                                                   -- Dark_Owl


Home | Subject Index | Thread Index