MOO-cows Mailing List Archive
Re: [SERVER, SECURITY] bug in set_task_perms() ?
> > Am I missing something? Why would you need to build the huge stack in
> > callers() just to test top level-ness? In all of my verbs, to test top
> > level-ness, I just make the quick and tick-friendly check 'if
> > (valid(caller))'. A wiz can fool caller_perms(), but can't fool the
> > variable 'caller'.
> Uh, how can this possibly work? For command-line verb calls,
> caller==player, which means that caller is valid. On the other hand, if
> it's called from another verb, it's also valid. caller is !valid only
> when referenced within eval(), which is a very limited case indeed.
Um... all I can say is... whoops
Subject Index |