Re: [code] switch bug (sort of)

From: Kenneth G. Cavness (kcavness@PROXICOM.COM)
Date: 10/07/97

On Tue, 7 Oct 1997, Andrew Helm wrote:

> >
> > If you wish to remove the ability to get mail with a switched char,
> > just take it out yourself.
> Obviously.
> > Your request is not universally approved and
> > I don't think that you're making your point well enough for it to become
> > universally approved.
> I haven't requested anything of anybody. I've informed people on
> the list of a bug/possible ethical problem/whatever the hell you want
> to call it that I think they may be interested in. Currently anyone
> who can switch into another char will be able to read their mail
> completely unsupervised and unlogged. It's obviously an unplanned
> for side affect of the switch command, and if you want an implementation
> of a "mail snooping" command there are much better ways to do it (ways
> that don't depend on the character being link-dead, ways that provide
> some control over who can read what, ways that log who is
> snooping around, and most importantly ways that can prevent
> certain people's (like the head implementor's) mail from being
> read).
> Personally, I don't give a damn if you fix the bug or not. :)
> However, people who like the idea of being able to read other's
> mail will want to take it out. People who don't like the idea
> of reading other people's mail will want to take it out. As
> far as I can tell, the only reason to leave it in is because
> you just don't care or you're just lazy, which is perfectly
> acceptable to me. I don't expect everyone to jump and fix
> this bug, especially since it depends on the other char
> being link-dead and the offending char being high level
> enough to switch (usually you can trust your high-level
> people). What I don't understand is why you're taking
> such offense at the fact I would suggest people would
> want to fix the problem.

1. You make it seem like a bug; it's not. It's not even a logical error.
   It's clear that when switched into another player, you _become_ that
   player. Did you know that you could also get that player killed? Or as
   that player tell someone something that that player did not actually say,
   though make it sound like they did? Or listen to other people perhaps tell
   you things that are private?

2. In the beginning, since you thought it was a bug, you seemed to be
   asking for it to be fixed in future versions of Circle.

Perhaps it's not that we're taking offense at your suggestion, but rather
in the way that you're suggesting it:

3. Your heavy-handed, arrogant method of describing this whole "security
   flaw" prompted strong reactions in others. You list it as a "fact" that
   it's a bug -- in fact, the entire thing with being able to switch into
   other players is one huge security hole and anyone choosing to use it had
   already better have a damn good reason for using it. It's not just
   limited to mail. You tell other people "Fix it" -- before you so
   graciously say "fix it or no, I don't care".

4. If, in fact, you had simply alerted others to a possible security hole
   individually, you would probably have been met with much less emphatic
   of a response. Instead, you listed it as a universal problem, and as
   such people found reason to disagree with you.

On a written medium such as the Internet, it's best to get everything you
mean to say right the first time, or expect to be called on portions of
it that make no sense to the people you're writing to.

Kenneth G. Cavness

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/08/00 PST