>A major back door has just been found. It was exploited on my MUD, I
>finally discovered how it was done.
>
>Using this bug a player can take control of the MUD totally, wipe the imm
>char and replace it with their own version.
>The "solution" to this is to parse descriptions to be written to the
>file, replacing "~" with a blank space.
I saw this before I even installed it. My solution was a little more
simple. I set up certain fields (name, password, level) as specified
format. Then, just sscanf them. Also, another way is to have it save
desc before EVERYTHING in the save_char().
"One hundred years from now, none of this will matter because you and I
will be dead -- unless the Grim Reaper has switched his record-keeping to
a Windows 95-based system, in which case we all might live forever. "
-- Associated Press
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/15/00 PST