MOO-cows Mailing List Archive

[Prev][Next][Index][Thread]

Re: MOO Security (was Re: something or other)



At 07:41 AM 10/29/96 PST, John P. Wilson wrote:
>
>Are there any security breaches that can be exploited by a player without
>a programmer bit?  In other words, if I do not allow any programmers, will
>I have any security problems?
>
yeah sometimes. Like if you put a 'any' verb on $wiz or something, and it
has wizperms, it could be exploited to work on the wizard in question. Like
if somewiz puts a @boot any verb, anyone, even a guest, could type @boot
<wiz#> and boot them. Same thing with @shout in older cores. (@shout #2 is
stupid)
An easy solution for this is to always check if (player==this) of course...
(for !x verbs)


It's Brack, with the sig for the masses!     slayer@kaiwan.com
"This is not a signature." - Me 	      http://www.kaiwan.com/~slayer
*U@#(*EU#*#&$(##))(#*) - secret code  PGP key: finger slayer@sanar.kaiwan.com



Home | Subject Index | Thread Index