MOO-cows Mailing List Archive
Date: Thu, 21 Dec 1995 12:26:56 PST
From: ThwartedEfforts <email@example.com>
Content-Type: text/plain; charset="us-ascii"
Judy Anderson <firstname.lastname@example.org>, wrote:
>I was chatting with Quinn about my recent mongo edits of the LambdaMOO
>database involving match() (which turned out to be unnecessary as the
>patch was made available earlier than I had believed it would be). It
>would be cool if, when a builtin is protected by
>$server_options.protect_builtin, it would try to call
>#0:builtin(@args) before throwing up E_PERM. That way, if one wanted
>to protect something, one would not have to edit the entire database
A few points to consider/suggestions:
1) if a builtin is called from SYSTEM_OBJECT, then wiz-only permission checks
(via $server_options) don't take place. This would make it easier to have
the server check permissions for an action instead of trying to do it in
MOOcode. In other words:
object = args;
verb = args;
code = args;
if ($perm_utils:controls(caller_perms(), object))
This allows some other code stack determine only the perms you want, without
have to code the permission checks that the server handles into your code
also. This comes in handy for things concerning the (read|set)ability of
We can assume SYSTEM_OBJECT is secure, right?
2) That the verb on SYSTEM_OBJECT that is called be named "bf_" + the name
of the builtin, to better distinguish between verbs that are handlers for
builtin functions and those that are server verbs (ie do_login_command).
Perhaps "secure_" + builtin name to signify that it's only called when
a $server_options perm check fails.
This also keeps #0:recycle for it's intended purpose.
3) Probally assumed, but I want to say it: The return value from
#0:(bf_builtin) be the result of the bf call. If it returns an value of
type ERR, then the server would either raise the error or return it
(depending on the d-ness of the calling verb). Weither this is an issue
in later versions (where the d flag is removed or not) is up in the air.
4) caller_perms() in #0:(builtin) be the perms of the verb that made the
bf call to begin with.
5) This one is *very very very iffy*: $server_options.builtin_handler be the
object that has these verbs defined on it that get called if the bf is
protected, defaulting to SYSTEM_OBJECT.
Just wanted to bring everyone up to speed, since a similar topic has been
Subject Index |