[DGD] Re: Out of curiosity...
Mikael Lind
z94lind at mtek.chalmers.se
Mon May 25 10:27:55 CEST 1998
On Mon, 25 May 1998, Richard Braakman wrote:
> Danne Solli wrote:
> >
> > I was playing with the idea of making a really fat Auto-object. Putting in
> > environment-functions, inventory handling, action handling, all possible
> > string and array functions (strstr, filter_array etc) and all other stuff I
> > want to have easy access to.
>
> IgorMUD has exactly that. You might want to take a look there.
>
> The only problem I can think of is that it's very hard (and expensive)
> to get the security code right for filter_array and friends. We've had
> some truck-size security holes there.
A couple of suggestions regarding the security issue:
1) Have filter_array() and similar add a prefix to the function, "func_" for
instance. Hardly my idea at all...
2) Do a check similar to:
    static varargs mixed *filter_array(mixed *arr, string func, mixed args...) {
        [...]
        if (function_object(func, this_object()) != previous_program()) {
            error("Function not defined by calling program");
        }
        [...]
    }
3) Remove filter_array() and similar and use regular loops instead.
Tick-sucking objects can be precompiled. I think this is the cleanest
solution. Probably only an option at design level.
A couple obviously means three in this context. :)
If 2) is used, I think that function_object(), this_object(),
previous_program() and perhaps also error() need to be made nomask. Masking
security functions is as far as I know a rather easy way of breaking
security.
The auto program               | Defines a security function.
inherited by the array program | Calls the function.
inherited by an object.        | Intercepts the call via a function mask.
The problem is that the array program might be considered privileged in
systems where previous_program() security is used...
Other scenarios are of course possible, involving unprivileged access to
net package functions.
L Mikael "eLeMeL" Lind :: I wished for 4 cursed scrolls
z94lind at mtek.chalmers.se :: of gold detection and all I
http://www.mtek.chalmers.se/~z94lind/ :: got was this lousy .signature
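
Suggestion 1 combined with the nomask point from the message above, as an added example in DGD LPC that is not from the original post or from any mudlib. The file paths, func_is_heavy(), heavy_items() and query_weight() are hypothetical, and the filter is assumed to live in the auto object as in the original question.

```lpc
/* ---- /kernel/auto.c (hypothetical path): the auto object ---- */

/*
 * nomask: no inheriting program can redefine filter_array(), so the
 * prefix rule below cannot be bypassed by a function mask.
 */
static nomask mixed *filter_array(mixed *arr, string func, mixed args...)
{
    mixed *result;
    int i, sz;

    /* Suggestion 1: callers can only reach functions named func_*. */
    func = "func_" + func;

    /*
     * The :: calls name the kfuns themselves, not a redefinition
     * further down the inheritance chain.
     */
    if (!::function_object(func, ::this_object())) {
        ::error("No filter function " + func);
    }

    result = ({ });
    for (i = 0, sz = sizeof(arr); i < sz; i++) {
        if (::call_other(::this_object(), func, arr[i], args...)) {
            result += ({ arr[i] });
        }
    }
    return result;
}

/* ---- /obj/room.c (hypothetical path): an ordinary object ---- */

/* Reachable through filter_array() because of its func_ prefix. */
static int func_is_heavy(object ob, int limit)
{
    return ob->query_weight() > limit;   /* query_weight() is assumed */
}

mixed *heavy_items(object *inv)
{
    /* Resolves to func_is_heavy(); any non-prefixed name is rejected. */
    return filter_array(inv, "is_heavy", 10);
}
```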