MOO-cows Mailing List Archive


Re: [SECURITY] the basics? (was Re: force_input() and $do_command())



At 16:03 -0800 7/7/96, Judy Anderson wrote:
>   Date: Sun, 7 Jul 1996 02:41:44 PDT
>   From: Richard Godard <janus@cam.org>
>
>   Some food for thought: it's not because caller_perms() are not valid that
>   it's safe to set_task_perms(player). (Those who laugh hand have not fixed
>   their $root_class:huh lose 1 clone :)
>
>I'm confused.  $root_class:huh is
> 1:  set_task_perms(valid(caller_perms()) ? caller_perms() | player);
> 2:  $command_utils:do_huh(verb, args);
>
>I think this is safe.  If you think it unsafe, under what
>circumstances can it be called other than by "player"'s typing a
>command line, and what would you recommend as a security check?
>Thanks.

Think a bit. Under what abnormal circumstances can caller_perms() be non
valid? Some smart hacker using a recycled object's perms.

Now I seem to remember that only the server calls verbs with permissions
set to #-1 (well, except if you do a set_task_perms(#-1), but that's usually
not a thing hackers can do easily).

So here we go:

if (valid(cp = caller_perms()))
   "... some valid perms? let's use them ...";
   set_task_perms(cp);
elseif (cp == #-1 && !callers())
   "... server task, peace and love, player should be secure ...";
   set_task_perms(player);
else
   "... dunno what's going on, take no chance: trash ...";
   raise(E_PERM);
endif
$command_utils:do_huh(verb, args);

Of course you might wonder why care about the huh stack... well, I would
say you sometimes find pretty nifty wiz verbs on wiz features...

I hope this helps.

Janus (who thinks he posted that to JHM *security and to Lambda *wiz eons ago...)



