>
> Hrmm, I beg to differ with you here. I installed pgrun.c written by
> Petr Vilim and have found it very useful. After contacting Petr, I
> installed a "make" command that allows me to compile the MUD without
> having to enter the shell. When you edit the source via save-to-ftp,
> you find this more than a bit handy.
> Security is not that hard, as long as you protect each command with a
> final argument that contains a password. Of course, you want to check
> the player's idnum first.
I haven't finished it yet, but I'm sure someone has, why don't you
just write a quickie shell-out command. It's not the most difficult thing
in the world, if you can handle a pair of pipes. It's less of a nasty
kludge than writing access routines for each command you want to run, and
you can even run it through the login program (and get prompted for your
standard username/password) - which will help a tiny bit with security.
In my experience, unix accounts generally have better passwords than mud
accounts.
Of course, I question the whole concept of allowing shell access
in the first place - not even on security grounds, but on need. Isn't
actually logging into a shell more productive than writing functions,
recompiling, and then logging into a _Game_ to perform a small subset of
system commands?
After all, who'd need it? Coders? Builders maybe, to move
world/zone files around? Even if you were supplying the full range of
tools, it's still removing you from what you're actually doing - like
trying to assemble a clockwork watch in the dark, while wearing gloves.
I question the motivation and purpose.
> If a hacker is out to get you, there isn't much you can do.
Even if there's a good system cracker dedicating his life to 'get
you', there's alot you can do. You would start by not opening any more
potential access points into your system. I know if I thought my machine
was going to come under attack, I wouldn't open up an unvalidated or
poorly validated (read, most home-brew validation systems) channel to
allow said attacks to occur.
> I refuse to stay hudled up in a corner, cowering in fright while life
> passes me by.
Dude. You need to lay off the cough syrup. Okay?
There's a difference between intelligent proactive measures, and
primal fear. Of course, if 'life' is defined as 'allowing the ability to
run unsecured commands in shell from a mud', well, perhaps you need to get
out more.
Seriously. We're worried about you.
MoreActuallyObCircle:
Well, good news and bad news. I think I'll put out the source
code this weekend for the first barely working version of the graphical
editor. I guess that's the good news. Current features include:
- load and validation of zon & wld files based on the circlemud
'index' scheme.
- creation of said scheme from scratch.
- creation of new zones
- editing individual rooms
- creating new rooms
Of course, good is followed by bad:
- doesn't save - gunna write that tonight/sat and then release.
- interface sucks eggs.
- no map.
- no zone command, obj, mob, shp activity.
And worst of all:
In order to speed the creation, i've done two bad things - first,
I've eschewed even paying lip-service to any sort of c++ based
programming. Back to structs, macros, char arrays and what have you.
This facilitated the other bad thing..I've mass-cut&paste code from the
circlemud base. This means that the editor wasn't built in clean-room
conditions. I just didn't have time.
Which means, as a derived work, this may fall under some of the
licensing issues which apply to circlemud, and also, diku. I'm not sure
though. The curious issue though, is that it's not a mud. So, of the
points of the license I should;
1. Include the license.doc file.
2. not make money,
3. give authors credit
4. comply with diku license.
1&2 are nothing exciting. 3&4 are interesting in the way they are
worded; listings in credits files, help entry, login sequence,
change/modify the licensing info found in code.
uhm. An editor has none of those things.
I could write a splash screen to display credits and/or put them
in about, but - to be a bastard nitpicker who's going to eventually
rewrite it from scratch in the end - these are not specifically stated,
however implicitly they're expected to exist.
Frankly, I just don't want any sort of restrictions on it at all,
baring a GPL copyleft.
PjD
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 04/11/01 PDT