Re: mud code stolen

From: Eduo (eduo@ciateq.mx)
Date: 12/03/98


On Thu, 3 Dec 1998, Brian wrote:

> What did you do?  Is it a loophole in the security of the system
> you're using?  I ask because I would like to test the security of the
> system I'm on.  If anyone can just swipe my code, anytime they want,
> then I need to do something about it. What tests can I make to see if
> I can find out if my site/account is secure from another account on
> the same system?

The best way to ensure that your code will not be accessible to *anyone* is
to use a Macintosh, from there up you'll deal with ever more problems
where the unixen are in both ends (linux in one end, IRIX in the other) of
security <--> insecurity, with the different flavors of windows right in
the middle.

You have first to control *completely* the access to the machine via
conventional methods. That is physically (someone comes over with a SCSI
disk and copies the whole thing) or logically (having telnet access is
asking for intruders, as is FTP access). A site with several FTP accounts
is one of the biggest holes there are because usually any user can see
(just not modify) any other user's documents, unless the permissions have
been set differently.

From there on the access can be much more subtle. All the unixen have
different degrees of insecurity holes (I don't like calling them
"security holes" :), IRIX being just the worst system to have any sensible
information on.

For information about specifics on security issues for unix you can check
here, both the problems and their solutions:

http://www.rootshell.com/

For Windows... Well, you can never be sure with Windows... You protect
everything and then a jerk comes up with a winnuke program and nukes you
out the net.

I recommend all the people here running unix to visit rootshell.

Eduo

---------------------------------------------------------------------------
Eduardo Gutierrez de Oliveira   Mythago//On   eduo@ciateq.mx   ICQ# 3824675
 Centro de Investigacion  CIATEQ,A.C. -- MEXICO  Research Center Queretaro
General Electric Center of Excellence   -    Manager of Information Systems


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+
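
A check for the permissions point raised in the message above, added here as an example and not part of the original post: it lists files in a directory tree that another account on the same Unix host could read or modify. The function names and the sample tree are hypothetical; it assumes the directories above DIR are searchable by other users and looks only at classic mode bits, not ACLs.

```shell
#!/bin/sh
# exposed_files DIR read|write [other|group]
# Print regular files under DIR whose mode bits let the given class of
# users read or write them. A directory without that class's search (x)
# bit hides everything beneath it, so such directories are pruned.
exposed_files() {
    case "${3:-other}" in
        other) r=-004 w=-002 x=-001 ;;
        group) r=-040 w=-020 x=-010 ;;
        *) echo "class must be other or group" >&2; return 2 ;;
    esac
    case "$2" in
        read)  bit=$r ;;
        write) bit=$w ;;
        *) echo "usage: exposed_files DIR read|write [other|group]" >&2
           return 2 ;;
    esac
    find "$1" -type d ! -perm "$x" -prune -o -type f -perm "$bit" -print
}

# Constructed sample tree for trying the check without touching real files.
# Prints the path of the temporary directory it creates.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/public_html" "$t/src" "$t/lib"
    : > "$t/public_html/index.html"
    : > "$t/src/mud.c"
    : > "$t/lib/world.wld"
    : > "$t/lib/secret.c"
    chmod 755 "$t" "$t/public_html" "$t/lib"
    chmod 700 "$t/src"                      # private directory
    chmod 644 "$t/public_html/index.html"   # readable by everyone
    chmod 644 "$t/src/mud.c"                # readable, but hidden by src/
    chmod 666 "$t/lib/world.wld"            # readable and writable by everyone
    chmod 600 "$t/lib/secret.c"             # owner only
    printf '%s\n' "$t"
}

# Typical use on a real account:
#   exposed_files "$HOME" read
#   exposed_files "$HOME" write group
```

Anything the read check prints can be closed off with `chmod o-r` on the file or `chmod o-x` on a directory above it.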



This archive was generated by hypermail 2b30 : 12/15/00 PST