[MUD-Dev] strong encryption for authentication

Fred Clift fclift at verio.net
Mon Jul 16 17:07:33 CEST 2001 

On Fri, 13 Jul 2001, J C Lawrence wrote:
> On Fri, 13 Jul 2001 11:28:10 -0600 (MDT) 
> Fred Clift <fclift at verio.net> wrote:

>> My main motivation here is to not allow someone to leverage mud
>> access into local shell access (and thence into root access on
>> the box).

> Are you running in a chroot()ed environment?

Doesn't matter -- it's usually not too hard to break out of chrooted
environment - FreeBSD jail is marginally better, but still needs
some work.

> Presuming you are running Linux, I would be tempted to install one
> of the (many) capabilities systems and then carefully restrict
> both the capabilities of your game server, its children, the
> account it runs under as well root itself (I normally like bolting
> down root to the point that it can't actually do anything without
> a controlled reboot with console access to bring the system back
> up in a mode where root can actually do things).

chflags (schg) on freebsd lets you make binaries immutable -- if you
are in the right security mode, then you have to be in single user
mode to un-'immutable'-ize binaries... (though I've not been using
this feature :)

> What clients are they using on what platforms?  For *nix systems
> an...

Hm -- some windows, some unix (linux) but yeah -- from either of
those platforms you can ssh tunnel for people I tust with shell
access.  For those I dont, I'd rather have something more tightly
integrated into the game so I can do access-control (per IP etc) and
have good logging.  Openssl has most of it's functions in a library
that I can link in I guess...

> I'd be more tempted to setup MindTerm's Java SSH client under an
> SSL webpage such that it logs directly into your game server.

Hm -- this isn't a bad idea that I hadn't yet considered...
<ponder>.

Fred

--
Fred Clift - fclift at verio.net -- Remember: If brute 
force doesn't work, you're just not using enough.

_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list