MOO-cows Mailing List Archive


Re: [SERVER, SECURITY] bug in set_task_perms() ?

> > Am I missing something?  Why would you need to build the huge stack in
> > callers() just to test top level-ness?  In all of my verbs, to test top
> > level-ness, I just make the quick and tick-friendly check 'if
> > (valid(caller))'.  A wiz can fool caller_perms(), but can't fool the
> > variable 'caller'.
> Uh, how can this possibly work?  For command-line verb calls,
> caller==player, which means that caller is valid.  On the other hand, if
> it's called from another verb, it's also valid.  caller is !valid only
> when referenced within eval(), which is a very limited case indeed.

Um... all I can say is... whoops



Home | Subject Index | Thread Index