[DGD] Securing my shell demons.

Shentino shentino at gmail.com
Thu Aug 3 21:37:01 CEST 2006


I just discovered that Bash can do TCP redirects with
/dev/tcp/host/port type filenames, and I added this to allow an
external shell to connect to DGD, thus allowing external commands to
be run by the mudlib...without having to add a shell kfun.

Now I'm trying to secure it from spoofing (either fake mudlib on real
shell or fake shell on real mudlib) and wanted to check here for
suggestions.

I'm thinking that a randomly generated magic cookie written in a
secure location could be used as a way for the mudlib and the shell
daemon to authenticate each other, but I'm not sure.  Anyone notice
any fallacies here?



More information about the DGD mailing list