| [10-31 11:10] | [Chat] | Icewolfz: anything at that point would need and immortal to do it |
| [10-31 11:11] | [Chat] | Icewolfz: user space is all wrapped up |
| [10-31 11:11] | [Chat] | Icewolfz: worse case users may cause is the mud to crash as they do not have any direct access to anything |
| [10-31 11:11] | [Chat] | Icewolfz: and the crash would be more due to memory or a bug in the code |
| [10-31 11:11] | [Chat] | Rmp: I'm worried more about input validation via commands called against players who may have names that do bad things. |
| [10-31 11:12] | [Chat] | Icewolfz: but i wil lsay this is old code so god only knows what may be there |
| [10-31 11:12] | [Chat] | Icewolfz: inputvalidtion wont effect anyting |
| [10-31 11:12] | [Chat] | Icewolfz: there are multiple layers |
| [10-31 11:12] | [Chat] | Icewolfz: and nothing runs on direct os |
| [10-31 11:12] | [Chat] | Icewolfz: everything is wrapped at he mud layer in lpc code |
| [10-31 11:13] | [Chat] | Icewolfz: and users only can access what the coder has enbaled |
| [10-31 11:13] | [Chat] | Rmp: except the driver itself, I know. So the attack vector would be trying to get a player command to somehow get it to call ssh or something that would allow a shell |
| [10-31 11:13] | [Chat] | Icewolfz: which is just saving or readign text files to only allowed locations |
| [10-31 11:13] | [Chat] | Rmp: even that should at least prompt for a login |
| [10-31 11:13] | [Chat] | Icewolfz: cant there is no external way for users to get access |
| [10-31 11:13] | [Chat] | Icewolfz: you owuld need ata min immortal level |
| [10-31 11:14] | [Chat] | Icewolfz: an immortal might bebale to do some creative stuff depending on the code and the driver it slef |
| [10-31 11:14] | [Chat] | Icewolfz: as therae some peices of code that can crash the mud if ran |
| [10-31 11:14] | [Chat] | Icewolfz: and i am sure there are probably buffer overruns |
| [10-31 11:14] | [Chat] | Rmp: Yeah, some of it is in Lotus' home :) |
|
| Back to List |
