MOO-cows Mailing List Archive


Re: [SERVER, SECURITY] bug in set_task_perms() ?

> Am I missing something?  Why would you need to build the huge stack in
> callers() just to test top level-ness?  In all of my verbs, to test top
> level-ness, I just make the quick and tick-friendly check 'if
> (valid(caller))'.  A wiz can fool caller_perms(), but can't fool the
> variable 'caller'.

Uh, how can this possibly work?  For command-line verb calls,
caller==player, which means that caller is valid.  On the other hand, if
it's called from another verb, it's also valid.  caller is !valid only
when referenced within eval(), which is a very limited case indeed.

Seth / Blackbriar

Seth I. Rich
Woo, woo!  OpalMOO's back!       There is nothing more precious than
Rabbits on walls, no problem.    a tear of true repentance.


Home | Subject Index | Thread Index