Re: [SERVER, SECURITY] bug in set_task_perms() ?

• Date: Sat, 23 Sep 1995 10:09:32 PDT
• From:
  "Nate Massey" <natem@ctdnet.acns.nwu.edu>
• cc: bmgustav@bioinformatics.weizmann.ac.il, MOO-Cows.PARC@xerox.com
• Content-Length: 354
• Content-Type: text
• In-Reply-to: "<Pine.SUN.3.91.950922210413.3458A-100000@simon.sfsu.edu> from \"Rich Connamacher\" at Sep 22, 95 09:06:38 pm"

> In all of my verbs, to test top level-ness, I just make the quick and 
> tick-friendly check 'if (valid(caller))'.  A wiz can fool caller_perms(), 
> but can't fool the variable 'caller'.

Actually, any programmer can fool the variable caller.  Check it out:

;eval("return caller;")
=> {1, #-1}

So they could just call your verb with eval().

--Nate

• Re: [SERVER, SECURITY] bug in set_task_perms() ?
• From: Rich Connamacher <phantom@baymoo.sfsu.edu>

• Prev: Re: [SERVER, SECURITY] bug in set_task_perms() ?
• Next: Re: [SERVER, SECURITY] bug in set_task_perms() ?
• Index: MOO-cows
• Thread: MOO-cows