back doors into lambda core and the do out of ban on #0


Nathan Smith

Sep 16, 2016, 4:18:59 PM
to MOO Talk
Hey folks,
So recently I've been wanting to tighten up security on the LambdaCore database but am not sure quite where to start.
For 1, what exactly is DOOBC or do out of banned command?
It seems to have absolutely no point at all.
Question 2:
Backdoors, are there known bugs with LambdaCore? Not the server, but the core?
For example, is there a thing on #10 that allows someone to be like, hey! *edits code* *lists code*

Finally, is there a work through to allow players to view code on #10 or #0? They seem to be linked is all, via the do_login_command.
I'd love love love if you guys can be swift in your responses, as security is my top priority.
Thanks so much.

Littlefield, Tyler

Sep 16, 2016, 5:17:35 PM
to Nathan Smith, MOO Talk

See answers inline.
On 9/16/2016 4:53 AM, Nathan Smith wrote:
> hey folks So recently I've been wanting to tighten up security on
> the lambda core database but am not sure quite where to start. For
> 1, what exactly is DOOBC or do out of banned command. It seems to
> have absolutely no point at all.
The use of out-of-band commands is to allow you to send commands that
the mud doesn't have to process with everything else. It's useful for
protocols. Disable it and call it a day in options.h.
> Question 2: Backdoors, are there known bugs with lambda core? not
> the server, but the core?
I've not heard of any. There was apparently one with WAIFs, but I
think if there were known security bugs they would've been fixed or be
common knowledge. That's not to say that they don't exist. This is
just the core itself though; there's nothing that says your own
do_login_command won't have any issues, but I can't imagine them being
issues that allow you to just get code.
> for example, is there a thing on #10 that allows someone to be
> like, hey! *edits code* *lists cod*
>
No, because that would allow someone to just make themselves a wizard,
etc. That would be dangerous.
> finally, is there a work through to allow players to view code on
> #10 or #0, they seem to be linked is all, via the
> do_login_command.
No again.
> I'd love love love if you guys can be swift in your responses, as
> security is my top priority. Thanks so much.


--
Take care,
Ty
Twitter: @sorressean
Web: https://tysdomain.com
Pubkey: https://tysdomain.com/files/pubkey.asc

Michael Munson

Sep 16, 2016, 6:23:16 PM
to Nathan Smith, MOO Talk
OOBC -
Out-of-band refers to any data that is sent or received outside of the main data stream (in our case, for MOOs, the TCP/IP port the MOO is hosted on). Some clients support various protocols to simulate a second data stream inside the main one (instead of opening a second port and transmitting/receiving on that) by way of various prefixes and suffixes on the strings sent -- the client parses them and, if appropriate, will treat them as a data packet instead of a line of text. There are various reasons one would want to do this; the simplest example is the local-edit feature of LambdaMOO that allows you to use, if supported, a client-side native text editor to edit verbs and notes instead of the LambdaMOO verb or note editor.

I don't believe there has ever been any widely distributed intentional backdoor in either LambdaMOO or any other server flavor or patch, due to the fact that the source code is public and LambdaMOO is not such a large codebase. I've never heard of the WAIF patch having a backdoor; certainly the one I found online (v0.95) does not appear to do so. However, these additional patches or server variants probably do increase somewhat the exposure to accidental security vulnerabilities, due to the fact that usually one person is responsible for their creation and maintenance.


Tristan Bussiere

Sep 17, 2016, 10:48:57 AM
to Michael Munson, Nathan Smith, MOO Talk
This is not a backdoor per se, but one thing that no one has
mentioned yet that's definitely worth covering in terms of security
for your MOO is caller checks. A fresh LambdaCore, in about 95% of
cases, does _NOT_ sanity check to see if the caller should be able to
use a verb on programmer and wizard commands. This is a weakness in
the way matching is handled server-side, and translates easily to
other things beyond programmers and wizards. If the parent of an
object has a verb, without safety checks anyone can call that verb on
the descendant.

Let's use an example: Since @dump is on Generic Programmer and we lack
any safety checks by default, any player can @dump #2 (the arch
wizard). This obviously won't yield much information, because task
permissions are set at the beginning of the verb. It does show
property names, however, which can be a security problem. This applies
to many things in LambdaCore; more than I can possibly list. Suffice
it to say I just loaded a fresh LambdaCore and was able to do @verbs
#58 because the @verbs verb is on the Generic Programmer.

You can fix this problem by doing if (player != this) at the beginning
of sensitive verbs. Remember, since default LambdaCore administrative
level commands typically set_task_perms to the player (as they
should), it's unlikely a player could do anything extremely damaging.
That doesn't minimize the risk, though, and for newer verbs you have
added by hand this could be a definite exploit.
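The caller check from the post above, written out as the prologue of a programmer command verb on the Generic Programmer. This is an added illustration, not LambdaCore's actual @dump code or any verb from the thread; it assumes the verb is defined on $prog with a direct object argument, and uses only standard LambdaMOO builtins (set_task_perms, valid, properties, try/except) and the LambdaCore player:tell verb.

```moo
"Prologue for a programmer-only command defined on $prog (Generic Programmer).";
"Added illustration, not LambdaCore's real @dump verb. Every player descends";
"from $prog, so without the first check `@dump #2` runs this verb with";
"this == #2, i.e. on someone else's object.";
if (player != this)
  "Invoked on some other descendant of $prog: refuse before doing anything.";
  player:tell("You can't use that command on ", this.name, ".");
  return;
endif
if (!player.programmer)
  "Belt and braces: this is a programmer command, not a general one.";
  player:tell("Only programmers may use this command.");
  return;
endif
"Drop from the verb owner's permissions to the caller's before touching";
"any object, so a non-wizard caller gets E_PERM instead of wizard access.";
set_task_perms(player);
if (!valid(dobj))
  player:tell("I don't see that here.");
  return;
endif
"Listing property names on an object the caller may not read raises E_PERM";
"under the caller's permissions; report it rather than leak the names.";
try
  player:tell("Properties on ", dobj.name, ":");
  for pname in (properties(dobj))
    player:tell("  ", pname);
  endfor
except e (E_PERM)
  player:tell("You don't have permission to inspect ", dobj.name, ".");
endtry
```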