[MUD-Dev] Re: Issues from the digests and Wout's list

clawrenc at cup.hp.com clawrenc at cup.hp.com
Mon Apr 28 12:51:51 CEST 1997


In <336602D8.167EB0E7 at iname.com>, on 04/29/97 
   at 07:57 AM, Shawn Halpenny <malachai at iname.com> said:

>clawrenc at cup.hp.com wrote:

>[ explanation of free user-prog'ing and security functions ]

>> The other corner of the secutiry triangle rests on the fact that a
>> child may only inherit from a parent if the parent allows it.  I do
>> not allow free inheritance.  It is up to the parent to rule whether or
>> not it will accept tha parent.  Ditto for disinheritance.
>> 
>> How this impacts free user programming is that all newly created
>> objects auto-inherit from $NEW_OBJECT.  Nobody but an admin can remove
>> that inheritance ($NEW_OBJECT refuses to release the child).  Objects
>> can also inherit from $VALIDATED_OBJECT (again, only admins can do
>> this) if its needed to create an object which is still a $NEW_OBJECT
>> but needs to be able to do a little more.

>Ah, I see.  Mandatory safe inheritance implies that JoeUser can't get
>hold of an admin object and derive something nasty from it.  I hadn't
>thought of using inheritance this way but it seems it would work
>perfectly.

Largely it does.  JoeUser can go inherit anything he wants from an
AdminObject.  Its just that his new object will also inherit from
$NEW_OBJECT and the fact of that inheritance will kill the admin
features of his new object at runtime.

This is not to say that there aren't big ugly security problems in
keeping the system safe with this model.  Its too easy to write code
for an object which doesn't make the proper checks for $NEW_OBJECT. 
Then, once its been validated, anybody can inherit from it and get
access to features they shouldn't have.

>> I keep looking at using a pre-existant language for my server, with
>> PIKE and REXX being the main candidates, but I've yet to find one I
>> think I could be happy with both for learning curve for new users, and
>> feature set.
>> 
>> BTW Have you looked at PerlMUD?

>Nope.  I'd heard of it, but never taken a look.  Is the entire thing
>written in Perl or is Perl just embedded?  If the former, I've no
>interest in it; the latter might prompt some looking.

It is both written in Perl and the internal language is Perl.

NB I'm surprised no-one else here commented on this.  PIKE is the new
name for LPC as a standalone language.  (Its also no longer a
candidate)  I'm still working down the languages list for other
candidates,

--
J C Lawrence                           Internet: claw at null.net
(Contractor)                           Internet: coder at ibm.net
---------------(*)               Internet: clawrenc at cup.hp.com
...Honorary Member Clan McFUD -- Teamer's Avenging Monolith...




More information about the mud-dev-archive mailing list