MOO-cows Mailing List Archive

[Prev][Next][Index][Thread]

[brundage@laurel.ipac.caltech.edu: Re: security]



------- Start of forwarded message -------
Return-Path: moo-cows-errors@parc.xerox.com
Date: Tue, 18 Mar 1997 14:33:31 PST
From: Michael Brundage <brundage@laurel.ipac.caltech.edu>
To: "A.TEAL" <shumat2@pegasus.hud.ac.uk>
cc: moo-cows@parc.xerox.com
Subject: Re: security
In-Reply-To: <46C47B8782F@pegasus.hud.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: MOO-Cows-Errors@parc.xerox.com
Precedence: bulk

On Tue, 18 Mar 1997, A.TEAL wrote:
> As a new wizard, commissioned to set up and run a new MOO for CAL, 
> I'm discussing security issues with personnel who are in a position 
> to kell the project if the security is not to their satisfaction.
> 
> Their particular concern is to avoid players gaining access to the 
> MOO server root and thence to other machines on the network.

As you might have guessed, this is a perennial topic on this list.

You should be able to find some of the previous times it's come up on any 
of the searchable archives of moo-cows; I've heard there's one at
http://eli.wariat.org/mcarc/index.html
but haven't checked it out myself.  Alternatively, use a Web search 
engine to look for "MOO and security"

The short version is this:

The standard, out-of-the-box MOO server cannot access your filesystem.  
There is a compile-time option to turn on outbound network connections 
by default it is off, meaning that the MOO cannot initiate outbound 
connections, and hence cannot cause network problems. (Incidentally, various 
informal studies have indicated that MOO servers are typically not high 
traffic; more of a concern is their process size.)

What MOO users can do is this:

If they have (or gain access to) programmer's priveleges, they can bring 
down the MOO server by causing it to run out of memory.
If they have (or gain access to) wizard's priveleges, or if the MOO has 
security holes, they can access information in the MOO database which 
was intended to be private.

The corollaries are:

Don't store passwords in the MOO that are the same as those used on the 
local filesystem.  (Duh.)
Don't store information in the MOO that you don't mind sharing with any 
of your users (or equivalently, restrict your user base to trusted users, 
or else make sure there are no holes).

If you make modifications to the MOO server, such as installing FUP or 
fileio (file system access packages), then you may create opportunities 
for MOO users to wreak havoc on the local computer system.  So if this is 
a concern, don't do it.

If you enable outbound network connections, then users (with appropriate 
priveleges) could initiate connections from the MOO.  This could create 
problems as they might access remote servers anonymously (e.g., send hate 
mail to someone, and that mail be traced back to your MOO) or they might 
access local servers behind a firewall (but if you run your MOO outside 
the firewall, this won't be a problem).

Furthermore, many people recommend against running the MOO with root 
permissions, though as far as I can see this is mainly as a precaution 
because it is a Smart Thing To Do, and not because it is inherently unsecure.

Of course, your mileage may vary, and I'm not a security expert, so 
believe all this at your own risk.  <Insert rest of standard disclaimer 
here.>


Cheers,

michael
brundage@ipac.caltech.edu
------- End of forwarded message -------


Home | Subject Index | Thread Index