<!-- MHonArc v2.4.4 -->
<!--X-Subject: Re: [MUD-Dev] about MOO -->
<!--X-From-R13: Oaqeh Zhivfv <yhivfvNnaqeh.fbabzn.rqh> -->
<!--X-Date: Mon, 22 Nov 1999 10:55:52 -0800 -->
<!--X-Message-Id: Pine.LNX.4.03.9911212136110.29075-100000#andru,sonoma.edu -->
<!--X-Content-Type: text/plain -->
<!--X-Reference: 19991119140854.R25847#kitenet,net -->
<!--X-Head-End-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>MUD-Dev message, Re: [MUD-Dev] about MOO</title>
<!-- meta name="robots" content="noindex,nofollow" -->
<link rev="made" href="mailto:luvisi#andru,sonoma.edu">
</head>
<body background="/backgrounds/paperback.gif" bgcolor="#ffffff"
text="#000000" link="#0000FF" alink="#FF0000" vlink="#006000">
<font size="+4" color="#804040">
<strong><em>MUD-Dev<br>mailing list archive</em></strong>
</font>
<br>
[ <a href="../">Other Periods</a>
| <a href="../../">Other mailing lists</a>
| <a href="/search.php3">Search</a>
]
<br clear=all><hr>
<!--X-Body-Begin-->
<!--X-User-Header-->
<!--X-User-Header-End-->
<!--X-TopPNI-->
Date:
[ <a href="msg00441.html">Previous</a>
| <a href="msg00442.html">Next</a>
]
Thread:
[ <a href="msg00413.html">Previous</a>
| <a href="msg00447.html">Next</a>
]
Index:
[ <A HREF="author.html#00438">Author</A>
| <A HREF="#00438">Date</A>
| <A HREF="thread.html#00438">Thread</A>
]
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<H1>Re: [MUD-Dev] about MOO</H1>
<HR>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<UL>
<LI><em>To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Subject</em>: Re: [MUD-Dev] about MOO</LI>
<LI><em>From</em>: Andru Luvisi <<A HREF="mailto:luvisi#andru,sonoma.edu">luvisi#andru,sonoma.edu</A>></LI>
<LI><em>Date</em>: Sun, 21 Nov 1999 21:57:54 -0800 (PST)</LI>
<LI><em>Reply-To</em>: <A HREF="mailto:mud-dev#kanga,nu">mud-dev#kanga,nu</A></LI>
<LI><em>Sender</em>: <A HREF="mailto:mud-dev-admin#kanga,nu">mud-dev-admin#kanga,nu</A></LI>
</UL>
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<HR>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<PRE>
On Fri, 19 Nov 1999, Joey Hess wrote:
[snip]
> I agree, I've never been comfortable with LambdaMOO's security model. The
> stack based model sounds very intelligent to me, can you elaborate on it a
> bit? Are there any gotchas associated with it?
Put simply: Whenever an object tries to do something restricted (ie read
or write a file) your validator function (part of the mudlib in the two
implementations I'm familiar with, Nightmare/Foundation and TubMud)
examines the current call stack (the same one you'd see if you did a
backtrace). The functions don't matter, only the objects. If *all* of
the objects have the needed access, then the operation succeeds. If *any*
of them fail, the operation fails. The only time the procedure is
different is if an object specifically chooses to have *only* its access
used for making the decision. In the implementations I've seen, there was
a function called "unguarded" which you would hand a thunk off to. Pretty
much any object which needs to save state and interacts with users would
need to use this. The big example is bulletin boards.
The result of this is that if you just write code, it's secure by default
because it can only do things that both you and whoever calls it can do.
You can't write trojans, because your restrictions apply to it. Others
can't exploit it, because their restrictions apply when they send function
calls to it. The only places in the mudlib that become really critical
from an interobject security perspective can be located with a recursive
grep. Of course, this doesn't fix *every* possible security problem, but
it helps a *log*.
The only gotchas I can think of are:
Objects used to store commands need to be all powerful, so they can do
whatever can be done by anyone who calls them. This means anyone who can
edit commands has administrative access. I don't considder this a big
problem since normally anyone who can edit commands can put in a trojan
horse and get an administrator to execute it.
If I'm a normal wiz, and I create a wiztool, other wiz's need to copy it,
rather than using mine, in order for them to be able to use it to do
anything restricted. This can be inconvenient, but it is good for
security.
> > MOO doesn't have a preprocessor. Opinions are varied on whether this is a
> > good thing or a bad thing. Personally, I like having a preprocessor.
>
> If you mean something to preprocess a user's input, this could be added to
> the appropariate method of the base character class. (Perlmoo has a
> preprocessor added in exactly this way.)
I was referring to the C preprocessor, upon which LPC's preprocessor was
based.
ie:
#define MIN_LEVEL
...
#ifdef MIN_LEVEL
if(this_player()->query_level() < MIN_LEVEL)
return 0;
#endif
In my case, I was sharing a huge data structure among everything so I
could save the state of an entire simulation with a single save_object().
I had a half dozen header files with things like:
#define MCBANK state[0][3][1] /* not correct, I just made it up */
where state was an array or a mapping, which was a reference to a subtree
of the global state, shared through LPC's implicit pointer semantics.
Yes, I know it's ugly. You should have seen the ideas I threw away...
Andru
--
--------------------------------------------------------------------------
| Andru Luvisi | <A HREF="http://libweb.sonoma.edu/">http://libweb.sonoma.edu/</A> |
| Programmer/Analyst | Library Resources Online |
| Ruben Salazar Library |-----------------------------------------|
| Sonoma State University | <A HREF="http://www.belleprovence.com/">http://www.belleprovence.com/</A> |
| luvisi#andru,sonoma.edu | Textile imports from Provence, France |
--------------------------------------------------------------------------
_______________________________________________
MUD-Dev maillist - MUD-Dev#kanga,nu
<A HREF="http://www.kanga.nu/lists/listinfo/mud-dev">http://www.kanga.nu/lists/listinfo/mud-dev</A>
</PRE>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<HR>
<ul compact><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><A NAME="00447" HREF="msg00447.html">Re: [MUD-Dev] about MOO</A></strong>
<ul compact><li><em>From:</em> Greg Miller <gmiller#classic-games,com></li></ul>
</UL></LI></UL>
<!--X-Follow-Ups-End-->
<!--X-References-->
<UL><LI><STRONG>References</STRONG>:
<UL>
<LI><STRONG><A NAME="00413" HREF="msg00413.html">Re: [MUD-Dev] about MOO</A></STRONG>
<UL><LI><EM>From:</EM> Joey Hess <joey#kitenet,net></LI></UL></LI>
</UL></LI></UL>
<!--X-References-End-->
<!--X-BotPNI-->
<UL>
<LI>Prev by Date:
<STRONG><A HREF="msg00441.html">Re[2]: [MUD-Dev] Admins as Mortals twist</A></STRONG>
</LI>
<LI>Next by Date:
<STRONG><A HREF="msg00442.html">Re: [MUD-Dev] Depth of realism</A></STRONG>
</LI>
<LI>Prev by thread:
<STRONG><A HREF="msg00413.html">Re: [MUD-Dev] about MOO</A></STRONG>
</LI>
<LI>Next by thread:
<STRONG><A HREF="msg00447.html">Re: [MUD-Dev] about MOO</A></STRONG>
</LI>
<LI>Index(es):
<UL>
<LI><A HREF="index.html#00438"><STRONG>Date</STRONG></A></LI>
<LI><A HREF="thread.html#00438"><STRONG>Thread</STRONG></A></LI>
</UL>
</LI>
</UL>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<ul><li>Thread context:
<BLOCKQUOTE><UL>
<LI><strong><A NAME="00407" HREF="msg00407.html">Re: [MUD-Dev] Mud hosting services</A></strong>,
gunderwood <a href="mailto:gunderwood#donet,com">gunderwood#donet,com</a>, Fri 19 Nov 1999, 20:35 GMT
<LI><strong><A NAME="00394" HREF="msg00394.html">[MUD-Dev] about MOO</A></strong>,
Ilya, Game Commandos <a href="mailto:Ilya#gamecommandos,com">Ilya#gamecommandos,com</a>, Fri 19 Nov 1999, 18:27 GMT
<UL>
<LI><strong><A NAME="00404" HREF="msg00404.html">Re: [MUD-Dev] about MOO</A></strong>,
Andru Luvisi <a href="mailto:luvisi#andru,sonoma.edu">luvisi#andru,sonoma.edu</a>, Fri 19 Nov 1999, 20:30 GMT
<UL>
<LI><strong><A NAME="00413" HREF="msg00413.html">Re: [MUD-Dev] about MOO</A></strong>,
Joey Hess <a href="mailto:joey#kitenet,net">joey#kitenet,net</a>, Sat 20 Nov 1999, 00:39 GMT
<UL>
<LI><strong><A NAME="00438" HREF="msg00438.html">Re: [MUD-Dev] about MOO</A></strong>,
Andru Luvisi <a href="mailto:luvisi#andru,sonoma.edu">luvisi#andru,sonoma.edu</a>, Mon 22 Nov 1999, 18:55 GMT
<UL>
<LI><strong><A NAME="00447" HREF="msg00447.html">Re: [MUD-Dev] about MOO</A></strong>,
Greg Miller <a href="mailto:gmiller#classic-games,com">gmiller#classic-games,com</a>, Mon 22 Nov 1999, 20:14 GMT
</LI>
</UL>
</LI>
</UL>
</LI>
</UL>
</LI>
<LI><strong><A NAME="00405" HREF="msg00405.html">Re: [MUD-Dev] about MOO</A></strong>,
Dan Root <a href="mailto:dar#thekeep,org">dar#thekeep,org</a>, Fri 19 Nov 1999, 20:30 GMT
<UL>
<LI><strong><A NAME="00414" HREF="msg00414.html">Re: [MUD-Dev] about MOO</A></strong>,
Joey Hess <a href="mailto:joey#kitenet,net">joey#kitenet,net</a>, Sat 20 Nov 1999, 00:39 GMT
<UL>
<LI><strong><A NAME="00420" HREF="msg00420.html">Re: [MUD-Dev] about MOO</A></strong>,
Dan Root <a href="mailto:dar#thekeep,org">dar#thekeep,org</a>, Sat 20 Nov 1999, 01:43 GMT
</LI>
</UL>
</LI>
</UL>
</LI>
</UL>
</LI>
</UL></BLOCKQUOTE>
</ul>
<hr>
<center>
[ <a href="../">Other Periods</a>
| <a href="../../">Other mailing lists</a>
| <a href="/search.php3">Search</a>
]
</center>
<hr>
</body>
</html>