patchs and add on's

• Date: Tue, 17 Oct 1995 08:44:23 PDT
• From:
  Judy Anderson <yduj@cs.stanford.edu>
• Cc: riche@crl.com, egoff@iquest.com, moo-cows@parc.xerox.com
• In-Reply-To: The Raptor's message of Tue, 17 Oct 1995 05:42:07 PDT <Pine.A32.3.91.951017062622.69089A-100000@fn1.freenet.edmonton.ab.ca>

   Date: Tue, 17 Oct 1995 05:42:07 PDT
   From: The Raptor <ad880@freenet.edmonton.ab.ca>

   [offers code to do various things]

   - Prevent hacking of .wizard bits.  This has been seen done before.  
   There are two parts to this code:  Prevent anyone but wizards from 
   hacking a wizbit, or prevent EVERYONE from hacking a wizbit.

I'm curious what the first part of this code does.  The server already
disallows setting of the .wizard bit by non-wizards.  Almost always,
when a wizard bit is cracked, it is due to insecure wizardly
code---the cracker gets eir hands on a call to "eval" with wiz perms.
How can the server distinguish the cracker case from a legitimate case
of a wizard setting the .wizard bit on the MOO's newest wizard?

   - Also included is some code to make 'connected_seconds()' wiz only.  
   (connected_seconds() on $server_options gums up your MOO).

How does protecting connected_seconds "gum up your moo"?  Can't you
just make #0:connected_seconds() like you do with any other protected
builtin?

      Judy Anderson yclept yduJ          'yduJ' rhymes with 'fudge'
 yduJ@cs.stanford.edu (personal mail)   yduJ@harlequin.com (work-related)
	Join the League for Programming Freedom, lpf@uunet.uu.net

• Re: patchs and add on's
• From: The Raptor <ad880@freenet.edmonton.ab.ca>

• Prev: Re: patchs and add on's
• Next: patchs and add on's
• Index: MOO-cows
• Thread: MOO-cows