Re: Ports

From: Patrick Dughi (dughi@imaxx.net)
Date: 09/08/00


>
> Hrmm, I beg to differ with you here. I installed pgrun.c written by
> Petr Vilim and have found it very useful. After contacting Petr, I
> installed a "make" command that allows me to compile the MUD without
> having to enter the shell. When you edit the source via save-to-ftp,
> you find this more than a bit handy.
> Security is not that hard, as long as you protect each command with a
> final argument that contains a password. Of course, you want to check
> the player's idnum first.

        I haven't finished it yet, but I'm sure someone has, why don't you
just write a quickie shell-out command.  It's not the most difficult thing
in the world, if you can handle a pair of pipes.  It's less of a nasty
kludge than writing access routines for each command you want to run, and
you can even run it through the login program (and get prompted for your
standard username/password) - which will help a tiny bit with security.
In my experience, unix accounts generally have better passwords than mud
accounts.

        Of course, I question the whole concept of allowing shell access
in the first place - not even on security grounds, but on need.  Isn't
actually logging into a shell more productive than writing functions,
recompiling, and then logging into a _Game_ to perform a small subset of
system commands?

        After all, who'd need it?  Coders? Builders maybe, to move
world/zone files around?  Even if you were supplying the full range of
tools, it's still removing you from what you're actually doing - like
trying to assemble a clockwork watch in the dark, while wearing gloves.

        I question the motivation and purpose.

> If a hacker is out to get you, there isn't much you can do.

        Even if there's a good system cracker dedicating his life to 'get
you', there's a lot you can do.  You would start by not opening any more
potential access points into your system.  I know if I thought my machine
was going to come under attack, I wouldn't open up an unvalidated or
poorly validated (read, most home-brew validation systems) channel to
allow said attacks to occur.

> I refuse to stay huddled up in a corner, cowering in fright while life
> passes me by.

        Dude. You need to lay off the cough syrup. Okay?

        There's a difference between intelligent proactive measures, and
primal fear.  Of course, if 'life' is defined as 'allowing the ability to
run unsecured commands in shell from a mud', well, perhaps you need to get
out more.

        Seriously. We're worried about you.


MoreActuallyObCircle:

        Well, good news and bad news.  I think I'll put out the source
code this weekend for the first barely working version of the graphical
editor. I guess that's the good news. Current features include:

        - load and validation of zon & wld files based on the circlemud
'index' scheme.
        - creation of said scheme from scratch.
        - creation of new zones
        - editing individual rooms
        - creating new rooms

        Of course, good is followed by bad:

        - doesn't save - gunna write that tonight/sat and then release.
        - interface sucks eggs.
        - no map.
        - no zone command, obj, mob, shp activity.

        And worst of all:

        In order to speed the creation, I've done two bad things - first,
I've eschewed even paying lip-service to any sort of c++ based
programming.  Back to structs, macros, char arrays and what have you.
This facilitated the other bad thing... I've mass-cut&paste code from the
circlemud base.  This means that the editor wasn't built in clean-room
conditions.  I just didn't have time.

        Which means, as a derived work, this may fall under some of the
licensing issues which apply to circlemud, and also, diku.  I'm not sure
though.  The curious issue though, is that it's not a mud.  So, of the
points of the license I should;

        1. Include the license.doc file.
        2. not make money,
        3. give authors credit
        4. comply with diku license.

        1&2 are nothing exciting. 3&4 are interesting in the way they are
worded; listings in credits files, help entry, login sequence,
change/modify the licensing info found in code.

        uhm. An editor has none of those things.

        I could write a splash screen to display credits and/or put them
in about, but - to be a bastard nitpicker who's going to eventually
rewrite it from scratch in the end - these are not specifically stated,
however implicitly they're expected to exist.

        Frankly, I just don't want any sort of restrictions on it at all,
barring a GPL copyleft.

                                                PjD
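
The pipe mechanics mentioned in the message above, narrowed to a fixed allowlist and run without a shell so that no player-typed text ever reaches exec. This is an added example, not code from the post or from pgrun.c; `run_allowed`, the keywords and the paths are hypothetical, and the caller is assumed to have checked the player's idnum already.

```c
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical allowlist: in-game keyword -> fixed argv. Paths are assumptions. */
struct allowed_cmd { const char *keyword; char *const argv[4]; };
static const struct allowed_cmd ALLOWED[] = {
    { "make",  { "/usr/bin/make", "-C", "../src", NULL } },
    { "hello", { "/bin/echo", "hello", NULL } },   /* constructed demo entry */
};

/* Run one allowlisted command and capture its output in out[].
 * Returns the exit status, or -1 for an unknown keyword or setup failure. */
int run_allowed(const char *keyword, char *out, size_t outlen)
{
    const struct allowed_cmd *cmd = NULL;
    int fds[2], status;
    size_t used = 0, i;
    ssize_t n;
    pid_t pid;

    if (outlen == 0) return -1;
    out[0] = '\0';
    for (i = 0; i < sizeof(ALLOWED) / sizeof(ALLOWED[0]); i++)
        if (strcmp(keyword, ALLOWED[i].keyword) == 0)   /* exact match only */
            cmd = &ALLOWED[i];
    if (cmd == NULL || pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {          /* child: stdout/stderr into the pipe, no shell */
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* fixed env */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        dup2(fds[1], STDERR_FILENO);
        close(fds[1]);
        execve(cmd->argv[0], cmd->argv, envp);
        _exit(127);          /* exec failed */
    }
    close(fds[1]);           /* parent keeps only the read end */
    while ((n = read(fds[0], out + used, outlen - 1 - used)) > 0)
        used += (size_t)n;   /* stops at EOF or when out[] is full */
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The read loop blocks until the child exits; a game loop built on select() would watch the pipe's read end there instead.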


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 04/11/01 PDT