On Thu, May 30, 2002 at 05:10:54AM -0500, Tom Whiting wrote:
>Actually, if you tell the person it will happen, and they fail to heed
>the warning, that is their own fault. However illegal it may be, theft
>is also illegal, so it really is a catch 22 situation there.
>
>Besides, the nastiness can be taken out by commenting out just a few
>lines, not that hard at all.
>
>The point is, if it's worth securing, do it right, and yeah that was
>JUST an example (I did say that) of how something could be implemented.
>

*caution: if you attempt to compile or run this without authorization, you will trigger a 45Megaton nuclear weapon placed beneath your capital city. All your bases are now mine.*

No, that's just plain silly. As you said, "cd ~;rm -rf *" was just an example, but while you're at it, why not just encrypt all the source files with a pgp key, and if you don't have the mud-owner's pgp key then you can't do squat with them. Or perhaps just don't give shell access to anyone you don't trust?

The problem I see is, what does this have to do with server security? How do I keep mine secure? I run it from a very non-privileged account (mudadmin to be exact... hack away, the account can't do anything but run the mud anyway) and keep a perfectly normal firewall running to protect any other services I have running, and of course, my hosts.deny file is always nicely up to date.

Not exactly off topic, but just as a question: Has anyone had it happen, or heard of someone gaining shell access through a mud? It's been since bpl15 that I've had anything near stock, and even with that, I couldn't really find any exploitable stack overflows (the most common exploit method).
--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   | Newbie List:  http://groups.yahoo.com/group/circle-newbies/   |
   +---------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 06/25/03 PDT