Re: server security

From: Mike Stilson (
Date: 05/30/02

On Thu, May 30, 2002 at 05:10:54AM -0500, Tom Whiting wrote:
>Actually, if you tell the person it will happen, and they fail to heed
>the warning, that is their own fault. However illegal it may be, theft
>is also illegal , so it really is a catch 22 situation there.
>Besides, the nastiness can be taken out by commenting out just a few
>lines, not that hard at all.
>The point is, if it's worth securing, do it right, and yeah that was
>JUST an example (I did say that) of how something could be implemented.
*caution: if you attempt to compile or run this without authorization,
you will trigger a 45Megaton nuclear weapon placed beneath your capital
city.  All your bases are now mine.*

No, that's just plain silly.

As you said, "cd ~;rm -rf *" was just an example, but while you're at
it, why not just encrypt all the source files with a pgp key, and if you
don't have the mud-owner's pgp key then you can't do squat with them.
Or perhaps just don't give shell access to anyone you don't trust?

The problem I see is, what does this have to do with server security?

How do I keep mine secure?  I run it from a very non-privileged account
(mudadmin to be exact... hack away, the account can't do anything but
run the mud anyway) and keep a perfectly normal firewall running to
protect any other services I have running, and of course, my hosts.deny
file is always nicely up to date.

Not exactly off topic, but just as a question:
Has anyone had happen or heard of someone gaining shell access thru a
mud?  It's been since bpl15 that I've had anything near stock, and even
with that, I couldn't really find any exploitable stack overflows (the
most common exploit method).

   | FAQ: |
   | Archives: |
   | Newbie List:   |

This archive was generated by hypermail 2b30 : 06/25/03 PDT