System Security (was: Re: [MUD-Dev] players who "take away from the game")

J C Lawrence claw at cp.net
Thu Nov 11 14:01:39 CET 1999 

On Wed, 10 Nov 1999 22:00:11 -0700 
cg  <cg at ami-cg.GraySage.Edmonton.AB.CA> wrote:

> [Eli Stevens:]
>> This got me wondering...  :)
>> 
>> What precautions should be taken when writing a MUD codebase from
>> scratch?  Are most security holes that a MUD box might have at
>> the OS level, or does having a program like a MUD running open up
>> opportunities that would not otherwise exist (assuming that the
>> ability to issue OS commands and such is not a feature)?

> Aha! A technical issue! :-)

<<Oops>>

> Having a MUD running isn't a problem if you are careful in what
> you let the MUD server do. Obviously! The main thing is likely to
> be that of system and communications load. If you are careful to
> *not* provide any ways by which MUD players can issue system
> commands, there shouldn't really be any issues outside of the MUD
> itself. A MUD server simply presents a socket that people can talk
> to. If it never, however indirectly, allows stuff that comes from
> client sockets to end up uneditted in a system command, then it
> should be safe.

If you bind to a port less than 1024 on a Unix system your server
must run as root.  Ergo, if there is a stack overflow ir similar
exploit in your server, an arbitrary user can obtain root access on
your system.

There are a couple simple ways to protect against this:

  -- setuid() away from root for all portions of the code that don't
deal with the sokcet calls.  You should do this sort of
setuid()/setgid() protection in any privileged code your write
anyway.  Always.  This leaves the exploint window inthe soket code
only, not your entire app/server.

  -- Use a helper program which runs as root to do the privileged
socket IO which then communicates to the server which runs as a
non-priviledged user via some other stack.

Other concerns are discussed in the documents I referenced.

--
J C Lawrence                              Internet: claw at kanga.nu
----------(*)                            Internet: coder at kanga.nu
...Honorary Member of Clan McFud -- Teamer's Avenging Monolith...


_______________________________________________
MUD-Dev maillist  -  MUD-Dev at kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list