MOO-cows Mailing List Archive
[Prev][Next][Index][Thread]
Re: patchs and add on's
On Tue, 17 Oct 1995, Alex Stewart wrote:
> > I know of some non-patching MOO-tinkering C-code. I got them from a
> > long-time MOO wizard and even longer time C-Code hacker. The code is
> > meant to be added (in some cases, replacing old code) to such files as
> > 'server.c'. Here's a summary of what some of the code does:
>
> Perhaps I should clarify.. That is what a patch is. When I refer to my patch
> archive, I use the traditional (and proper) form of the word "patch", that is,
> a modification to the server code which is not part of a formal release of the
> server. Anything which involves modifying the server code is a patch.
>
Sorry, the definition that I am used to is where you'd use a running
application to automaticly alter the code. Ill add yours do my
dictionary :)
> > - Prevent wizards from geting booted from MOO-code. This is handy if you
> > have wizs who write volatile verbs, but forget to add some perms
> > checking. Included in this code is a '.quit' builtin so that wizards may
> > disconnect.
>
> Seems to me to be of marginal value, since if someone has the ability and
> maliciousness to do that, they're just as likely to do other things to the
> database which would fill it with security holes, screw up everyone's stuff,
> or worse, basically rendering your entire DB suspect and unusable for most
> purposes.
>
Hey, it works for SchoolNet MOO :)
> > - Prevent hacking of .wizard bits. This has been seen done before.
> > There are two parts to this code: Prevent anyone but wizards from
> > hacking a wizbit, or prevent EVERYONE from hacking a wizbit. The latter
>
> As Judy mentioned, I would be very interested to learn what exactly the former
> case does, since this is already prohibited by the server.. As for the latter
> case, I dunno, still seems kinda pointless to me. Hacking a wizbit for
> onesself is actually one of the dumber things one can do if they have the
> ability and people who can figure out enough to do it are seldom stupid enough
> to do that. If I can get access to an open enough wiz verb that it would
> allow me to change my .wizard prop, it's probably open enough that it would
> allow me to do just about anything else, without drawing attention to myself,
> and a patch like this wouldn't do anything to prevent that.
>
This is also a personal-experience case. On LakeMOO, all can and does
happen, as we have a pretty shabby wizard staff. This is another
Confus-ius paranoia hack, but I just thought some people might find it
usefull.
> > - Prevent newting or toading of a wizard. Also good if you have a
> > 'mischevious' wizard on your staff.
>
> I'm a little curious how a server patch even comes into the issue, since
> newting and toading is all handled completely in-DB..
>
This goes along with the first one, with questionable wiz-code.
> > (connected_seconds() on $server_options gums up your MOO).
>
> I, like Judy, am a little confused at this statement too.. please explain?
>
If I knew how or why it does that, I'd tell you. Maybe it's another
isolated incident (So I don't get around much, sue me.). I don't even
have a manual for using $server_options. Could you direct me to one? :)
> > Whew, well I've said enough. If you want some of this code (and if you
> > know your C and UNIX), mail me, and tell me what code you want.
>
> Why not give it to me to put up at the patch archive? That is, after all,
> what it's there for..
>
Confus-ius wouldn't like that. I'm allowed to mail it out personally,
but not allowed to upload it anywhere.
> -R
> -------------------------------------------------------------------------------
> Alex Stewart - riche@crl.com - Richelieu @ Diversity University MOO
> http://www.crl.com/~riche/
> "Difficult answers lead to intelligent questions."
>
>
This is only my first time on this list, give me a break, please? :)
--
The Raptor
ad880@freenet.edmonton.ab.ca
References:
Home |
Subject Index |
Thread Index