>
> Hrmm, I beg to differ with you here. I installed pgrun.c written by
> Petr Vilim and have found it very useful. After contacting Petr, I
> installed a "make" command that allows me to compile the MUD without
> having to enter the shell. When you edit the source via save-to-ftp,
> you find this more than a bit handy.
> Security is not that hard, as long as you protect each command with a
> final argument that contains a password. Of course, you want to check
> the player's idnum first.

I haven't finished it yet, but I'm sure someone has, why don't you just write a quickie shell-out command. It's not the most difficult thing in the world, if you can handle a pair of pipes. It's less of a nasty kludge than writing access routines for each command you want to run, and you can even run it through the login program (and get prompted for your standard username/password) - which will help a tiny bit with security. In my experience, unix accounts generally have better passwords than mud accounts.

Of course, I question the whole concept of allowing shell access in the first place - not even on security grounds, but on need. Isn't actually logging into a shell more productive than writing functions, recompiling, and then logging into a _Game_ to perform a small subset of system commands? After all, who'd need it? Coders? Builders maybe, to move world/zone files around? Even if you were supplying the full range of tools, it's still removing you from what you're actually doing - like trying to assemble a clockwork watch in the dark, while wearing gloves. I question the motivation and purpose.

> If a hacker is out to get you, there isn't much you can do.

Even if there's a good system cracker dedicating his life to 'get you', there's a lot you can do. You would start by not opening any more potential access points into your system. I know if I thought my machine was going to come under attack, I wouldn't open up an unvalidated or poorly validated (read, most home-brew validation systems) channel to allow said attacks to occur.

> I refuse to stay huddled up in a corner, cowering in fright while life
> passes me by.

Dude. You need to lay off the cough syrup. Okay? There's a difference between intelligent proactive measures, and primal fear. Of course, if 'life' is defined as 'allowing the ability to run unsecured commands in shell from a mud', well, perhaps you need to get out more. Seriously. We're worried about you.

MoreActuallyObCircle:

Well, good news and bad news. I think I'll put out the source code this weekend for the first barely working version of the graphical editor. I guess that's the good news. Current features include:

- load and validation of zon & wld files based on the circlemud 'index' scheme.
- creation of said scheme from scratch.
- creation of new zones
- editing individual rooms
- creating new rooms

Of course, good is followed by bad:

- doesn't save - gunna write that tonight/sat and then release.
- interface sucks eggs.
- no map.
- no zone command, obj, mob, shp activity.

And worst of all: In order to speed the creation, I've done two bad things - first, I've eschewed even paying lip-service to any sort of c++ based programming. Back to structs, macros, char arrays and what have you. This facilitated the other bad thing... I've mass-cut&paste code from the circlemud base. This means that the editor wasn't built in clean-room conditions. I just didn't have time. Which means, as a derived work, this may fall under some of the licensing issues which apply to circlemud, and also, diku. I'm not sure though.

The curious issue though, is that it's not a mud. So, of the points of the license I should;

1. Include the license.doc file.
2. not make money,
3. give authors credit
4. comply with diku license.

1&2 are nothing exciting. 3&4 are interesting in the way they are worded; listings in credits files, help entry, login sequence, change/modify the licensing info found in code. uhm. An editor has none of those things. I could write a splash screen to display credits and/or put them in about, but - to be a bastard nitpicker who's going to eventually rewrite it from scratch in the end - these are not specifically stated, however implicitly they're expected to exist. Frankly, I just don't want any sort of restrictions on it at all, barring a GPL copyleft.

PjD

+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ:  |
| http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html   |
+------------------------------------------------------------+

This archive was generated by hypermail 2b30 : 04/11/01 PDT