On Tue, Oct 09, 2001 at 03:05:57PM -0500, Patrick Dughi wrote: > Woohoo! Let's crack his machine via the mud! He's given the >process superuser privledges! Huzzah! :) Been tried... pretty funny to watch ;) > Seriously people, this isn't the right way to do it. Never claimed right or wrong (if I remember, I just claimed it was lazy ;) > If, for some godforsaken reason you really REALLY have to use >setrlimit, immediately after, setuid & setgid to something reasonable. >Like an account specifically made to run insecure apps which can be easily >crashed by user input. Which it did in the very block of code. Being overly paranoid, the running version of the mud ran chrooted under a locked account with /bin/false as its shell, and all those other assorted goodies. Without going into LOTS of details, let's just say I had problems with file ownerships, rw permissions, etc from various builders using standalone tools, the occasional screwup while testing leaving a pfile with wrong perms, (Adding a test: clause to makefile to call circle -d mudtest/lib fixed that one up) and other annoying screwups over time brought it about in the first place. In fact, noticing the past tense of this note, those problems were fixed a while ago, and that code got all #if 0'ed out. -me -- +---------------------------------------------------------------+ | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html | | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html | +---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/06/01 PST