MOO-cows Mailing List Archive
patchs and add on's
Date: Tue, 17 Oct 1995 05:42:07 PDT
From: The Raptor <firstname.lastname@example.org>
[offers code to do various things]
- Prevent hacking of .wizard bits. This has been seen done before.
There are two parts to this code: Prevent anyone but wizards from
hacking a wizbit, or prevent EVERYONE from hacking a wizbit.
I'm curious what the first part of this code does. The server already
disallows setting of the .wizard bit by non-wizards. Almost always,
when a wizard bit is cracked, it is due to insecure wizardly
code---the cracker gets eir hands on a call to "eval" with wiz perms.
How can the server distinguish the cracker case from a legitimate case
of a wizard setting the .wizard bit on the MOO's newest wizard?
- Also included is some code to make 'connected_seconds()' wiz only.
(connected_seconds() on $server_options gums up your MOO).
How does protecting connected_seconds "gum up your moo"? Can't you
just make #0:connected_seconds() like you do with any other protected
Judy Anderson yclept yduJ 'yduJ' rhymes with 'fudge'
yduJ@cs.stanford.edu (personal mail) yduJ@harlequin.com (work-related)
Join the League for Programming Freedom, email@example.com
Subject Index |