MOO-cows Mailing List Archive


Re: patchs and add on's

On Tue, 17 Oct 1995, Alex Stewart wrote:

> > I know of some non-patching MOO-tinkering C-code.  I got them from a 
> > long-time MOO wizard and even longer time C-Code hacker.  The code is 
> > meant to be added (in some cases, replacing old code) to such files as 
> > 'server.c'.  Here's a summary of what some of the code does:
> Perhaps I should clarify..  That is what a patch is.  When I refer to my patch
> archive, I use the traditional (and proper) form of the word "patch", that is,
> a modification to the server code which is not part of a formal release of the
> server.  Anything which involves modifying the server code is a patch.
Sorry, the definition that I am used to is where you'd use a running 
application to automaticly alter the code.  Ill add yours do my 
dictionary :)

> > - Prevent wizards from geting booted from MOO-code.  This is handy if you 
> > have wizs who write volatile verbs, but forget to add some perms 
> > checking.  Included in this code is a '.quit' builtin so that wizards may 
> > disconnect.
> Seems to me to be of marginal value, since if someone has the ability and 
> maliciousness to do that, they're just as likely to do other things to the
> database which would fill it with security holes, screw up everyone's stuff,
> or worse, basically rendering your entire DB suspect and unusable for most
> purposes.
Hey, it works for SchoolNet MOO :)

> > - Prevent hacking of .wizard bits.  This has been seen done before.  
> > There are two parts to this code:  Prevent anyone but wizards from 
> > hacking a wizbit, or prevent EVERYONE from hacking a wizbit.  The latter 
> As Judy mentioned, I would be very interested to learn what exactly the former
> case does, since this is already prohibited by the server..  As for the latter
> case, I dunno, still seems kinda pointless to me.  Hacking a wizbit for 
> onesself is actually one of the dumber things one can do if they have the 
> ability and people who can figure out enough to do it are seldom stupid enough
> to do that.  If I can get access to an open enough wiz verb that it would 
> allow me to change my .wizard prop, it's probably open enough that it would 
> allow me to do just about anything else, without drawing attention to myself, 
> and a patch like this wouldn't do anything to prevent that.
This is also a personal-experience case.  On LakeMOO, all can and does 
happen, as we have a pretty shabby wizard staff.  This is another 
Confus-ius paranoia hack, but I just thought some people might find it 

> > - Prevent newting or toading of a wizard.  Also good if you have a
> > 'mischevious' wizard on your staff.
> I'm a little curious how a server patch even comes into the issue, since
> newting and toading is all handled completely in-DB..
This goes along with the first one, with questionable wiz-code.

> > (connected_seconds() on $server_options gums up your MOO).
> I, like Judy, am a little confused at this statement too.. please explain?
If I knew how or why it does that, I'd tell you.  Maybe it's another 
isolated incident (So I don't get around much, sue me.).  I don't even 
have a manual for using $server_options.  Could you direct me to one? :)

> > Whew, well I've said enough.  If you want some of this code (and if you 
> > know your C and UNIX), mail me, and tell me what code you want.
> Why not give it to me to put up at the patch archive?  That is, after all, 
> what it's there for..
Confus-ius wouldn't like that.  I'm allowed to mail it out personally, 
but not allowed to upload it anywhere.

> -R
> -------------------------------------------------------------------------------
>      Alex Stewart - - Richelieu @ Diversity University MOO
>             "Difficult answers lead to intelligent questions."

This is only my first time on this list, give me a break, please? :)

The Raptor


Home | Subject Index | Thread Index