<!-- MHonArc v2.4.4 -->
<!--X-Subject: Re: System Security (was: Re: [MUD&#45;Dev] players who "take away from the game") -->
<!--X-From-R13: ptNnzv&#45;pt.UenlEntr.Sqzbagba.OP.QO -->
<!--X-Date: Thu, 11 Nov 1999 10:43:13 &#45;0800 -->
<!--X-Message-Id: 199911110500.WAA05413@ami&#45;cg.GraySage.Edmonton.AB.CA -->
<!--X-Content-Type: text/plain -->
<!--X-Head-End-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>MUD-Dev message, Re: System Security (was: Re: [MUD-Dev] players who "take away</title>
<!-- meta name="robots" content="noindex,nofollow" -->
<link rev="made" href="mailto:cg@ami-cg.GraySage.Edmonton.AB.CA">
</head>
<body background="/backgrounds/paperback.gif" bgcolor="#ffffff"
      text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000">

  <font size="+4" color="#804040">
    <strong><em>MUD-Dev<br>mailing list archive</em></strong>
  </font>
      
<br clear=all><hr>
<!--X-Body-Begin-->
<!--X-User-Header-->
<!--X-User-Header-End-->
<!--X-TopPNI-->


<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<H1>Re: System Security (was: Re: [MUD-Dev] players who "take away from the game")</H1>
<HR>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<UL>
<LI><em>To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Subject</em>: Re: System Security (was: Re: [MUD-Dev] players who "take away from the game")</LI>
<LI><em>From</em>: <A HREF="mailto:cg#ami-cg,GraySage.Edmonton.AB.CA">cg#ami-cg,GraySage.Edmonton.AB.CA</A></LI>
<LI><em>Date</em>: Wed, 10 Nov 1999 22:00:11 -0700</LI>
<LI><em>Reply-To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Sender</em>: <A HREF="mailto:mud-dev-admin#kanga,nu">mud-dev-admin#kanga,nu</A></LI>
</UL>
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<HR>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<PRE>
[Eli Stevens:]

&gt; This got me wondering...  :)
&gt;
&gt; What precautions should be taken when writing a MUD codebase from scratch?
&gt; Are most security holes that a MUD box might have at the OS level, or does
&gt; having a program like a MUD running open up opportunities that would not
&gt; otherwise exist (assuming that the ability to issue OS commands and such is
&gt; not a feature)?

Aha! A technical issue! :-)

Having a MUD running isn't a problem if you are careful in what you let
the MUD server do. Obviously! The main thing is likely to be that of
system and communications load. If you are careful to *not* provide any
ways by which MUD players can issue system commands, there shouldn't
really be any issues outside of the MUD itself. A MUD server simply
presents a socket that people can talk to. If it never, however indirectly,
allows stuff that comes from client sockets to end up unedited in a
system command, then it should be safe.

Sometimes, however, the nature of how the MUD works requires that some
portions of the MUD be able to issue system commands. For example, back
when my server was AmigaMUD, I used to issue system commands from the
MUD code in order to deliver email from MUD characters to normal email
addresses. However, the player only controlled the destination email
address, the email subject, and the email contents. The MUD code did
nothing with any of those, other than to check that they were properly
formed (in the case of the subject and destination). So, that should
have been fairly safe.

However, to show how careful you have to be, I think I just realized that
I likely wasn't checking things carefully enough, and it could have been
possible for someone to format my server hard drive for me. With the
spread of the internet, I don't need to do that email/news stuff in my
MUD anymore, so it's not there. In fact, I don't think I currently use
the ability to run system commands for anything other than an automated
backup system, which includes only fixed commands.

&gt; Also, I am very curious about Kanga.Nu being "regularly attacked."  Would
&gt; you (JCL or others) be able to describe the kind of attacks these usually
&gt; are?  How you might prevent them from working, etc.  :)

Likely some fairly standard internet attacks at mostly well-known weaknesses.
I'm not a security guru by any means, so I'll leave any more detail to
JCL, if he even wants to be more specific. Read newsgroup comp.risks for
high-level reports, and computer security newsgroups for lots of details.

-- 
Don't design inefficiency in - it'll happen in the implementation.

Chris Gray     cg#ami-cg,GraySage.Edmonton.AB.CA
               <A  HREF="http://www.GraySage.Edmonton.AB.CA/cg/">http://www.GraySage.Edmonton.AB.CA/cg/</A>




</PRE>
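<P>The check-then-run pattern the message describes, as an added example that is not part of the original post and is not AmigaMUD code: C helpers that check the player-supplied destination and subject, then start the mailer with an argument vector instead of a shell command string. The function names and the sendmail-compatible <code>mailer</code> path are assumptions.</P>

```c
/* Added example: hypothetical helpers, not AmigaMUD code. */
#include <ctype.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Destination: one '@', no leading '-', allowlisted characters only. */
int valid_address(const char *a) {
    size_t n = strlen(a), at = 0;
    if (n > 254 || *a == '-' || *a == '@' || (n && a[n - 1] == '@')) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)a[i];
        if (c == '@') at++;
        else if (!isalnum(c) && !strchr("._+-", c)) return 0;
    }
    return at == 1;
}

/* Subject: printable ASCII only, so CR/LF cannot start a new header. */
int valid_subject(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 78) return 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] < 0x20 || s[i] > 0x7e) return 0;
    return 1;
}

/* Runs `mailer -i -- to` directly (no shell, unlike system() on a formatted
   string); headers and body go on stdin. Returns exit status, or -1. */
int send_mail(const char *mailer, const char *to, const char *subj, const char *body) {
    int fd[2], status;
    if (!valid_address(to) || !valid_subject(subj) || pipe(fd) < 0) return -1;
    signal(SIGPIPE, SIG_IGN);           /* mailer may exit before reading */
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                     /* child: player text is argv data only */
        char *argv[] = { (char *)mailer, "-i", "--", (char *)to, NULL };
        dup2(fd[0], STDIN_FILENO);
        close(fd[0]); close(fd[1]);
        execv(mailer, argv);
        _exit(127);                     /* exec failed */
    }
    close(fd[0]);
    dprintf(fd[1], "To: %s\nSubject: %s\n\n%s\n", to, subj, body);
    close(fd[1]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

<P>The message body is not validated because it is written only after the blank line that ends the headers and never reaches a command line.</P>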

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<hr>
</body>
</html>