Re: Was: Rare Bug Now: Dumping Cores

From: Mike Stilson (
Date: 10/09/01

On Tue, Oct 09, 2001 at 03:05:57PM -0500, Patrick Dughi wrote:
>        Woohoo! Let's crack his machine via the mud!  He's given the
>process superuser privledges! Huzzah! :)

Been tried... pretty funny to watch ;)

>        Seriously people, this isn't the right way to do it.
Never claimed right or wrong (if I remember, I just claimed it was lazy

>        If, for some godforsaken reason you really REALLY have to use
>setrlimit, immediately after, setuid & setgid to something reasonable.
>Like an account specifically made to run insecure apps which can be easily
>crashed by user input.

Which it did in the very block of code.  Being overly paranoid, the
running version of the mud ran chrooted under a locked account with
/bin/false as its shell, and all those other assorted goodies.

Without going into LOTS of details, let's just say I had problems with
file ownerships, rw permissions, etc from various builders using
standalone tools, the occasional screwup while testing leaving a pfile
with wrong perms, (Adding a test: clause to makefile to call circle -d
mudtest/lib fixed that one up) and other annoying screwups over time
brought it about in the first place.

In fact, noticing the past tense of this note, those problems were fixed
a while ago, and that code got all #if 0'ed out.


   | FAQ: |
   | Archives: |

This archive was generated by hypermail 2b30 : 12/06/01 PST