On Tue, 7 Oct 1997, Andrew Helm wrote:

> > It's not even a logical error.
> > It's clear that when switched into another player, you _become_ that
> > player. Did you know that you could also get that player killed? Or as
> > that player tell someone something that that player did not actually say,
> > though make it sound like they did? Or listen to other people perhaps tell
> > you things that are private?
>
> If you get the player killed it affects the player. If you forge things
> from a player it affects the person behind the player. See my point?

Actually, and I do apologize, no. I don't. If you take someone's mail
and read it, it affects the player. So, are you also suggesting that if
an implementor switches into a player, the implementor should not be
able to:

1. Speak to other people
2. Move around in the MUD (might be aggressive mobs!)
3. See what other people say to hir
4. Attack other players or mobs
5. Type any of the following commands or sequences of commands:
   quit (in a MUD where equipment is dropped), go to the dump and
   remove and drop all, go to a message board and type a public
   message for all to see, for example, that player denigrating the
   MUD?

You see, switching into another player is an EXTREMELY powerful function
in the MUD. You claim that you can go to postmaster, type "receive
mail", and read a person's private MUDmail. You can also, however, go to
Player Y, and as Player X tell Player Y something that would be damaging
to player X. You have therefore acted unethically with the switch
command, but amazingly enough, you have not found a bug. You've simply
treated the switch command as a way to hurt someone else.

It's intended by the switch-to-player command that the implementor acts
as if (s)he were that player. Exactly as if.

This. Is. Not. A. Bug.

It's not even a _UNIVERSAL_ security hazard, since only imps currently
can use it. It is _only_ a hazard when and _if_ the coder of the MUD
makes switch available to be used by people who are lower than imps. And
that's a problem that you yourself will have to deal with on your
individual MUD, and something you should have thought of when you
changed the "switch" command in the first place.

> > Perhaps it's not that we're taking offense at your suggestion, but rather
> > in the way that you're suggesting it:
>
> Perhaps I was taking offense at the "heavy-handed, arrogant" methods
> I perceived being used by those who responded to me. It goes both
> ways.

Certainly; and it also tends to spiral in upon itself, descending
finally into a flamewar. At that point, people have to dichotomize. And
in something like this, I highly doubt you truly intended for people to
have to take sides.

> > 3. Your heavy-handed, arrogant method of describing this whole "security
> > flaw" prompted strong reactions in others.
>
> When did I call it a security flaw?

Don't put it in quotes then. :) You've called it several things, all of
which boil down to the above.

> > 4. If, in fact, you had simply alerted others to a possible security hole
> > individually, you would probably have been met with much less emphatic
> > of a response. Instead, you listed it as a universal problem, and as
> > such people found reason to disagree with you.
>
> Uhhh... alerted others individually? Do you mean send an individual
> e-mail to everyone on the whole list instead of just sending it to
> the list?

Sorry; no, that's not at all what I meant. I meant that you could have
alerted people that they might want to take a look at their policies and
command levels to see if what you saw as a potential security problem
would pose a threat to the privacy of the individuals on the MUD.
Instead, you said repeatedly "This should be fixed". As I've already
mentioned, that phraseology (unwittingly?) implies that something is
broken. If something is broken, there's absolutely no reason at all not
to fix it. In this case, there is nothing broken; nothing truly needs
"fixing".

> I'm sorry if you find your arguments against me lacking,

On the contrary; I've found my arguments against you to be quite sound.

> but I've only claimed a very simple thing: the behavior of the switch
> command requires fixing. If you got anything else out of it then it
> was unintended.

What needs "fixing"? You're claiming, according to my definition of
"bug", that a bug exists in the code. You're claiming that it was never
intended that a person be able to read mail if switched into another
char. What else could you claim this to be other than a "bug"?

> > On a written medium such as the Internet, it's best to get everything you
> > mean to say right the first time, or expect to be called on portions of
> > it that make no sense to the people you're writing to.
>
> This is ironic considering I said exactly what I meant the first time.

Apparently not, since you continue to change terms on us, continue to
wander around in a circle, yelling loudly that we just don't get it,
that we're being "difficult", etc etc.

> On the Internet we have these things called archives and it's best
> to consult them.

In this case, the archives wouldn't really help very much, since quite a
few people didn't understand what you were trying to say in the first
place.

--
Kenneth G. Cavness ph#:+1-301-767-0977 | mailto:kcavness@proxicom.com

+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/08/00 PST