MOO-cows Mailing List Archive


patchs and add on's

   Date: Tue, 17 Oct 1995 05:42:07 PDT
   From: The Raptor <>

   [offers code to do various things]

   - Prevent hacking of .wizard bits.  This has been seen done before.  
   There are two parts to this code:  Prevent anyone but wizards from 
   hacking a wizbit, or prevent EVERYONE from hacking a wizbit.

I'm curious what the first part of this code does.  The server already
disallows setting of the .wizard bit by non-wizards.  Almost always,
when a wizard bit is cracked, it is due to insecure wizardly
code---the cracker gets eir hands on a call to "eval" with wiz perms.
How can the server distinguish the cracker case from a legitimate case
of a wizard setting the .wizard bit on the MOO's newest wizard?

   - Also included is some code to make 'connected_seconds()' wiz only.  
   (connected_seconds() on $server_options gums up your MOO).

How does protecting connected_seconds "gum up your moo"?  Can't you
just make #0:connected_seconds() like you do with any other protected

      Judy Anderson yclept yduJ          'yduJ' rhymes with 'fudge' (personal mail) (work-related)
	Join the League for Programming Freedom,


Home | Subject Index | Thread Index