[DGD] Re: Net Security
Jason Cone
jcone at cs.tamu.edu
Tue Mar 17 07:50:25 CET 1998
-----Original Message-----
From: Sten Lindgren <ged at solace.mh.se>
To: dgd at imaginary.com <dgd at imaginary.com>
Date: Tuesday, March 17, 1998 12:25 AM
Subject: [DGD] Re: Net Security
>In my experience there is always one more security flaw that can be
>exploited, and there will be those who try to exploit them. Personally I
>would not allow any mud that can initiate outgoing connections on any
>system I'm responsible for if I do have a say in the matter. It might become
>a very tempting place to initiate an attack on other systems for some
>people, and those attacks would be traced back to the mud (if traced at
>all). I certainly wouldn't like to be the admin of a mud having to explain
>how it was possible to attack someone else's system through my mud and at
>the same time trying to explain why the mud shouldn't be nuked immediately.
>Of course this is my point of view, and I'm personally very happy Dworkin
>decided not to include any net package in his driver, the day that should
>happen I would hope the feature could be turned off.

I totally agree. However, this is the challenge that administrators face
every day - which people to allow to code for them and which to deny. My
development team is limited to 3 people right now - I don't see it getting
any bigger in the near future because I'm really cautious when it comes to
letting people have access to (and potentially altering) my code. While
it's a lame response, I'd say that if you pick people to code for you that
are going to use your MUD for malevolent purposes, then it's ultimately your
responsibility. I know there are those of you that will totally disagree
with this, but I don't see how an administrator can blame the code for an
individual's irresponsibility.

To further explain my original post, you can totally keep the networked
functionality from being usable by MUD Creators/Wizards/Programmers. I
myself have restricted the use of connect() and open_port() to 2 objects -
the Intermud-3 object and the FTP object. Even I (as an Archon - the equiv
of the stereotypical Admin) can't open a connection.

As a disclaimer, I totally understand why Felix doesn't want the net package
as de facto functionality in DGD and I fully respect that. I also think,
however, that the limitations/concerns that have been posted can be avoided
for the most part by responsible design and responsible administration.

>As for services like SMTP and FTP they can be implemented using externally
>written programs that initiate a connection to the mud if it needs some
>data from the mud itself (like access permissions or whatever).

True, but it makes things like accessing a Creator's privileges to a
certain MUD directory via a non-LPC program a real pain. I've seen FTP
servers written in Perl that don't require entries in the inetd system
config file, but they are nowhere near as flexible as those written in LPC.
--
Jason H. Cone
Dept. Computer Science
Texas A&M University
jcone at cs.tamu.edu
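
The restriction described in the message above (connect() and open_port() usable by only two objects), sketched as an added example that is not part of the original post and not code from DGD or the net package. It assumes the check lives in the auto object, which every DGD object inherits; the two object paths are hypothetical, and the argument lists and return types of connect() and open_port() are assumptions that may differ in your net package build.

```lpc
/*
 * Auto-object fragment (added example): mask the net package kfuns so
 * that only two allowlisted master objects can open network connections.
 */
# define I3_OBJECT   "/sys/intermud3"   /* hypothetical path */
# define FTP_OBJECT  "/sys/ftpd"        /* hypothetical path */

/*
 * Code in the auto object runs as part of the inheriting object, so
 * this_object() is the object that is trying to use the network.
 * Clones carry a "#<n>" suffix in object_name() and therefore never
 * match: only the two master objects pass.
 */
private int net_allowed()
{
    string name;

    name = object_name(this_object());
    return name == I3_OBJECT || name == FTP_OBJECT;
}

/* Outgoing connections: refuse unless the caller is allowlisted. */
static void connect(string host, int port)
{
    if (!net_allowed()) {
        error("connect() denied for " + object_name(this_object()));
    }
    ::connect(host, port);      /* assumed net package signature */
}

/* Listening ports: same gate, same allowlist. */
static void open_port(string protocol, int port)
{
    if (!net_allowed()) {
        error("open_port() denied for " + object_name(this_object()));
    }
    ::open_port(protocol, port);        /* assumed net package signature */
}
```

The allowlist is compiled into the auto object, so changing it requires write access to that file, not just wizard or administrator rank inside the MUD.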