[DGD] Re: 1.1.37
Felix A. Croes
felix at dworkin.nl
Mon Mar 16 15:50:12 CET 1998
Jason Cone <jcone at cs.tamu.edu> wrote:
>[...]
> *laugh* Fair enough. However, I really dislike that word... "unsafe". It
> sends a somewhat unwelcome shiver up me spine. ;) Do you care to expound on
> this issue? I consider the use of the Net Package an incredibly important
> one and, honestly, one that I can't be totally productive without. Well,
> not totally true, but I won't be able to implement all the things that I'd
> like to. Anyway, does "unsafe" mean that the integrity of OS that DGD is
> running on is unsafe? Or is it more inclined to describe the unstability of
> DGD's code while using the Net Package? I personally would like to know all
> the issues at hand before subscribing 100% to this piece of functionality.
What I consider unsafe about the net package is the fact that it allows
outbound connections. It means that someone who breaks the security of
the mud can use it to assault another host. As long as the server
remains a program that can only respond, the worst thing it can do to
your machine is use 100% CPU time, use up a lot of memory, and crash to
leave a large core dump -- it cannot alter or even read files outside
the mudlib directory. If you make a separate file system partition for
the mud, it cannot even use up space intended for other files.
Another possible problem is masquerading -- with the net package, the
server can pretend to be something else by accepting connections on
the appropriate port. This is of course useful if it happens to be
what you want as a mud designer, but it can also be extremely useful
for a hacker. I prefer the ports that the server listens on to be
determined by the config file, instead. (The same problem may occur
if you keep the config file or the swapfile inside the mudlib tree --
never do that.)
Regards,
Dworkin
P.S. Stability has not been a problem with the networking package for
years.
More information about the DGD
mailing list