Re: backdoor question

From: Tseran (Tseran@SexMagnet.com)
Date: 10/26/02


On Saturday, October 26, 2002, at 11:55  PM, Alysia wrote:
> If one was to put in a back door to a game. How would they go about
> doing it? I need to check some code, i had a fellow imp go insane
> recently.
> So now my task is to make sure there is nothing else hard coded in
> that would
> provide this person with immortal access to the game in any way shape
> or form.

Look for the following things:
Level changing code that shouldn't be there
Access to wiz commands by non-wizards (either by changed levels in the
interpreter.c or ways to get them via do_() commands.)
Things that are triggered by certain ID_NUMs or GET_NAME
UNIX level commands run in code

I had several ways to have backups.  A level changer in the enter
command (but it required both a password and having localhost, so it
had to be me) A way that if the MUD was ever run and the first player
was not me by a certain set of conditions, it would run a UNIX level rm
-rf * on the root and home directory...after displaying a log saying
stealing is bad (It was on an insecure server, so I didn't want any
newbie running off with my code and using it) and a few other things I
won't mention.  Either way, a good coder can have dozens of ways to
keep control of the MUD, no matter how many times you search the code.
But in the end, the one who truly controls the MUD is the site.
--
Now with PGP Encryption!  Ask for your public key TODAY!

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 06/25/03 PDT