At 08:09 AM 11/3/98 -0600, you wrote: >What if you start circle as a startup process? Starting the mud as a startup process will probably have it start as root. As George said, you are best served if you drop root privs at your earliest possibility. (Use the setuid() call.) If you do not release the root UID and it is possible to cause your mud to crash, then it is possible to force your mud do perform arbitrary commands as root on your machine. Note that even if your mud isn't running as root, if one can crash you they can possibly cause your mud to execute arbitrary commands as whatever UID it's running as. Backup early and often. > On Sat, 31 Oct 1998, Jason Wilkins wrote: > > >The only thing I can think of is to put your mud on some >system port, like port 80 (HTTP), so that > > You have to be root (on Unix) to bind to a port under 1024. > > If you do have root, you'll want to be sure to drop root >privs after you > bind(). > +------------------------------------------------------------+ | Ensure that you have read the CircleMUD Mailing List FAQ: | | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html | +------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/15/00 PST