[MUD-Dev] Re: Player coding and security

Chris Gray cg at ami-cg.GraySage.Edmonton.AB.CA
Wed May 21 20:02:42 CEST 1997 

[Shawn H:]

:There were a few posts a couple weeks back, most substantively from
:Chris Lawrence (I think), where inheritance was explored as a security
:model.  I've no definite security model in mind yet, but I'll certainly
:need one.  How many of us are looking to have some form of
:user-programming anyway?  And to what degree are things
:user-programmable, for that matter?

Well, as is clear from my posts about MUD languages, I have full online
programming available. I have 3 "classes" of players: normal, apprentice
and wizard. Normal players can only use the stuff provided in the scenario,
so they are limited to the "programming" that the on-line building
code gives to them. Apprentices and wizards can go into the full
programming mode (all input is then statements/expressions in the
programming language), rather than going to the active command interpreter.
There are a few builtins that are restricted to full wizards. Also, the
owner of a 'thing' can set its permissions so that wizards can change
it but apprentices cannot. Also, output from non-wizards is prefixed
(on each line that contains any non-wizard text) by an '@', to let
users beware. Players can turn that feature off for themselves.

I've gone through a couple of models for security, after some short
discussions with Marcus Ranum several years ago (there was a discussion
on it in the newsgroups, and he was talking about the security in Uber).
Now, it is mostly security by invisibility. If you do not have a symbol
for a property available in an "in-use" symbol table, then you will
not see that property in a dump of a 'thing'. SysAdmin is exempt from
this limitation, of course. So, a wizard can make a fully private
property by simply never exporting its name. Without some sort of
reference to the property, which you cannot get from a 'thing' which
has the property, you cannot modify or retrieve the value of that
property on any 'thing's, even if you own the 'thing'.

It's by no means ideal, but it mostly works. I do run into problems
with it every now and then, but so far I've been able to work around them.

--
Chris Gray   cg at ami-cg.GraySage.Edmonton.AB.CA

More information about the mud-dev-archive mailing list