
nu.kanga.list.mud-dev

11610: Re: System Security (was: Re: [MUD-Dev] players who "take away from the game")

From: J C Lawrence <claw@cp.net>
Newsgroups: nu.kanga.list.mud-dev
Date: Thu, 11 Nov 1999 14:01:39 -0800
References: [1]
Organization: Kanga.Nu
On Wed, 10 Nov 1999 22:00:11 -0700 
cg  <cg@ami-cg.GraySage.Edmonton.AB.CA> wrote:

> [Eli Stevens:]
>> This got me wondering...  :)
>> 
>> What precautions should be taken when writing a MUD codebase from
>> scratch?  Are most security holes that a MUD box might have at
>> the OS level, or does having a program like a MUD running open up
>> opportunities that would not otherwise exist (assuming that the
>> ability to issue OS commands and such is not a feature)?

> Aha! A technical issue! :-)

<<Oops>>

> Having a MUD running isn't a problem if you are careful in what
> you let the MUD server do. Obviously! The main thing is likely to
> be that of system and communications load. If you are careful to
> *not* provide any ways by which MUD players can issue system
> commands, there shouldn't really be any issues outside of the MUD
> itself. A MUD server simply presents a socket that people can talk
> to. If it never, however indirectly, allows stuff that comes from
> client sockets to end up unedited in a system command, then it
> should be safe.

If you bind to a port less than 1024 on a Unix system your server
must run as root.  Ergo, if there is a stack overflow or similar
exploit in your server, an arbitrary user can obtain root access on
your system.

There are a couple simple ways to protect against this:

  -- setuid() away from root for all portions of the code that don't
deal with the socket calls.  You should do this sort of
setuid()/setgid() protection in any privileged code you write
anyway.  Always.  This leaves the exploit window in the socket code
only, not your entire app/server.

  -- Use a helper program which runs as root to do the privileged
socket IO which then communicates to the server which runs as a
non-privileged user via some other stack.

Other concerns are discussed in the documents I referenced.

--
J C Lawrence                              Internet: claw@kanga.nu
----------(*)                            Internet: coder@kanga.nu
...Honorary Member of Clan McFud -- Teamer's Avenging Monolith...


_______________________________________________
MUD-Dev maillist  -  MUD-Dev@kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev