[Home] [Groups] - Message: [Prev in Group] [Next in Group]
11610: Re: System Security (was: Re: [MUD-Dev] players who "take away from the game")
[Full Header] [Plain Text]
From: J C Lawrence <claw@cp.net>
Newsgroups: nu.kanga.list.mud-dev
Date: Thu, 11 Nov 1999 14:01:39 -0800
References: [1]
Organization: Kanga.Nu
On Wed, 10 Nov 1999 22:00:11 -0700
cg <cg@ami-cg.GraySage.Edmonton.AB.CA> wrote:
> [Eli Stevens:]
>> This got me wondering... :)
>>
>> What precautions should be taken when writing a MUD codebase from
>> scratch? Are most security holes that a MUD box might have at
>> the OS level, or does having a program like a MUD running open up
>> opportunities that would not otherwise exist (assuming that the
>> ability to issue OS commands and such is not a feature)?
> Aha! A technical issue! :-)
<<Oops>>
> Having a MUD running isn't a problem if you are careful in what
> you let the MUD server do. Obviously! The main thing is likely to
> be that of system and communications load. If you are careful to
> *not* provide any ways by which MUD players can issue system
> commands, there shouldn't really be any issues outside of the MUD
> itself. A MUD server simply presents a socket that people can talk
> to. If it never, however indirectly, allows stuff that comes from
> client sockets to end up uneditted in a system command, then it
> should be safe.
If you bind to a port less than 1024 on a Unix system your server
must run as root. Ergo, if there is a stack overflow ir similar
exploit in your server, an arbitrary user can obtain root access on
your system.
There are a couple simple ways to protect against this:
-- setuid() away from root for all portions of the code that don't
deal with the sokcet calls. You should do this sort of
setuid()/setgid() protection in any privileged code your write
anyway. Always. This leaves the exploint window inthe soket code
only, not your entire app/server.
-- Use a helper program which runs as root to do the privileged
socket IO which then communicates to the server which runs as a
non-priviledged user via some other stack.
Other concerns are discussed in the documents I referenced.
--
J C Lawrence Internet: claw@kanga.nu
----------(*) Internet: coder@kanga.nu
...Honorary Member of Clan McFud -- Teamer's Avenging Monolith...
_______________________________________________
MUD-Dev maillist - MUD-Dev@kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev