MOO-cows Mailing List Archive

[Prev][Next][Index][Thread]

Re: patchs and add on's



> I know of some non-patching MOO-tinkering C-code.  I got them from a 
> long-time MOO wizard and even longer time C-Code hacker.  The code is 
> meant to be added (in some cases, replacing old code) to such files as 
> 'server.c'.  Here's a summary of what some of the code does:

Perhaps I should clarify..  That is what a patch is.  When I refer to my patch
archive, I use the traditional (and proper) form of the word "patch", that is,
a modification to the server code which is not part of a formal release of the
server.  Anything which involves modifying the server code is a patch.

> - Prevent wizards from geting booted from MOO-code.  This is handy if you 
> have wizs who write volatile verbs, but forget to add some perms 
> checking.  Included in this code is a '.quit' builtin so that wizards may 
> disconnect.

Seems to me to be of marginal value, since if someone has the ability and 
maliciousness to do that, they're just as likely to do other things to the
database which would fill it with security holes, screw up everyone's stuff,
or worse, basically rendering your entire DB suspect and unusable for most
purposes.

> - Prevent hacking of .wizard bits.  This has been seen done before.  
> There are two parts to this code:  Prevent anyone but wizards from 
> hacking a wizbit, or prevent EVERYONE from hacking a wizbit.  The latter 

As Judy mentioned, I would be very interested to learn what exactly the former
case does, since this is already prohibited by the server..  As for the latter
case, I dunno, still seems kinda pointless to me.  Hacking a wizbit for 
onesself is actually one of the dumber things one can do if they have the 
ability and people who can figure out enough to do it are seldom stupid enough
to do that.  If I can get access to an open enough wiz verb that it would 
allow me to change my .wizard prop, it's probably open enough that it would 
allow me to do just about anything else, without drawing attention to myself, 
and a patch like this wouldn't do anything to prevent that.

> - Prevent newting or toading of a wizard.  Also good if you have a
> 'mischevious' wizard on your staff.

I'm a little curious how a server patch even comes into the issue, since
newting and toading is all handled completely in-DB..

> (connected_seconds() on $server_options gums up your MOO).

I, like Judy, am a little confused at this statement too.. please explain?

> Whew, well I've said enough.  If you want some of this code (and if you 
> know your C and UNIX), mail me, and tell me what code you want.

Why not give it to me to put up at the patch archive?  That is, after all, 
what it's there for..

-R
-------------------------------------------------------------------------------
     Alex Stewart - riche@crl.com - Richelieu @ Diversity University MOO
                         http://www.crl.com/~riche/
            "Difficult answers lead to intelligent questions."



Follow-Ups: References:

Home | Subject Index | Thread Index