MOO-cows Mailing List Archive
Re: security without proggers
GRAEME SMITH email: email@example.com
(Back on line!>
On Tue, 29 Oct 1996, RavenStar wrote:
> There are *always* security holes. I know of at least one that used to
> be fairly prevalent that would allow a player to recycle anything he/she
> could move, and I've heard horror stories about guests getting prog bits,
> The whole point is that when you're dealing with computers in general,
> there's always a way around whatever barriers someone puts up. While
> restricting prog bits is probably a good way to reduce your risk of some
> malicious progger blowing something up, I've often found that
> restrictions like that often give hackers the only reason they need to
> find security holes in the first place: to know they can out-smart
> you..I outta know..I'm a hacker-type myself. ;P
> Anyway...I've found that the best way to keep idiots from going nuts and
> crashing your MOO is to a) make sure your system is as programmatically
> secure as you can, and b) don't give them a reason to in the first
> place (read: don't be an anal-retentive wizard).
Actually I was thinking about this, very problem.... And came up with the
idea, that you really don't need to give out progger bits, if you don't
Fact of the matter is, however, that to NOT give out progger bits, you
have to accept that you will have to make MAJOR rewrites of the core.
Lambda is set up around Progger Bits.... Its a fact of life.
I was planning on building a Prog-bit/Wiz-bit less hierarchy of access
into my MOO CORE, but, like all my other projects, it got sidetracked
when my health took a bit of a turn for the worse.
In the system I was thinking of implimenting, the only object with a wiz
bit, would be the Archwizard.
Wizards would be mostly administrative in function, with a few, that were
allowed to own a Prog bit, so that they could add code to objects. Most
players would be allowed only to add customization to their objects
through a non-programmer level compiler, that submitted the code to a
program that authorized it to be run. In other words, instead of being
actively involved with the server, except for a few exceptions, all
players would be interacting with the In-DB compiled language, which could
make illegal any obvious chicanery, and be much more interactive in its
nature. In essence this would make the system a bit more secure, simply
by offering access to the programming capability without requiring a
Programmers Bit. Just as most hackers would rather not write their code
in assembler, the hackers, would be much happier using the compiler, than
using the server-level language, and so, would be less likely to get
access that would damage the installation.
Your Mileage may vary, and certainly it would be difficult for an
established moo to make such a change over since the community would
expect the moo rules, not to change, and since most of the database
is in fact oriented around access rules that assume general availability
of programmer bits, and a community of Wizzen.
Subject Index |