MUD-Dev
mailing list archive
Re: [MUD-Dev] (fwd) Functional Security
Matt Chatterley <matt#mpc,dyn.ml.org> writes:
> It does exist in MudOS, but yes, is often downplayed, it seems. I haven't
> gone to any great lengths to change this (the only functions that I have
> really secured are those that interface with the FS and other 'sensitive'
> parts of the game backbone).
>
> One problem with introducing heavy function-security is that unless you
> design it in what appears (to me) a quite cumbersome way, you will cause
> problems when you wish unprivileged objects to interact with each other in
> theoretically sensitive ways.
Actually Cold seems to have solved this problem. It has the following
mechanisms:

  1) bind() - binds a primitive function to an object. After that,
     only the methods on the object can invoke the function
  2) native methods - a C function can be interfaced with Cold
     in such a way that it appears to be an ordinary method for all
     practical purposes (except that you can't list its source)
  3) private/public/protected method flags - these do the same
     thing as in C++ - they limit the objects that can call
     methods
  4) no_override flag - flag a method with this and it can't
     be overridden on the descendants of the object

This is enough for a simple /and/ powerful security mechanism
implemented in the core. Most methods that need protection simply do
(> .perms(caller(), <permission type>) <); which calls the no_override
root method that performs the actual perm check and throws an error if
necessary ((> <) is the error propagation operator). So, the layers are
like this:

  bottom: sensitive functions are bound to relevant objects
     (dumping, shutdown etc. to $sys, networking to the generic
     connection, and so on).
  perm checks: methods on the root object that can be invoked
     with a nice syntax from wherever they are needed
  ring permission attributes: Cold maintains
     manager/writer/reader/trusted lists for each object.
     $root.perm method is a clean interface to this.

Source for $root.perms is at
http://ice.cold.org/bin/method?target=$root.perms

Miro
--
I refuse to use .sig
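
A Python model of the layering described in the message above, added here as an illustration; it is not ColdC and not code from the post or from Cold. The explicit `caller` argument, the `BOUND` registry, `invoke_primitive` and the rule that the manager passes every check are assumptions of the model.

```python
class PermError(Exception):
    """Models the error that the perm check throws and callers propagate."""

class Root:
    NO_OVERRIDE = frozenset({"perms"})  # methods descendants may not redefine

    def __init_subclass__(cls, **kwargs):
        # Model of the no_override flag: reject a descendant that redefines perms().
        super().__init_subclass__(**kwargs)
        clash = Root.NO_OVERRIDE & set(vars(cls))
        if clash:
            raise TypeError(f"{cls.__name__} overrides {sorted(clash)}")

    def __init__(self, name, manager=None, writers=(), trusted=()):
        self.name = name
        self.manager = manager if manager is not None else self
        self.writers = set(writers)
        self.trusted = set(trusted)

    def perms(self, caller, kind):
        """Single choke point: raises instead of returning a flag to forget."""
        lists = {"manager": set(), "writer": self.writers, "trusted": self.trusted}
        # Assumption of this model: the object itself and its manager always pass.
        if caller is self or caller is self.manager or caller in lists[kind]:
            return
        raise PermError(f"{caller.name} lacks '{kind}' on {self.name}")

BOUND = {}  # primitive name -> the one object whose methods may invoke it

def bind(primitive, obj):
    BOUND[primitive] = obj

def invoke_primitive(primitive, this):
    # Bottom layer: the primitive refuses to run for any other object.
    if BOUND.get(primitive) is not this:
        raise PermError(f"{primitive}() is not bound to {this.name}")
    return f"{primitive} executed"

class Sys(Root):
    def shutdown(self, caller):
        self.perms(caller, "manager")              # perm-check layer
        return invoke_primitive("shutdown", self)  # bound-primitive layer

if __name__ == "__main__":
    # Constructed sample objects.
    admin, guest = Root("admin"), Root("guest")
    sys_obj = Sys("sys", manager=admin)
    bind("shutdown", sys_obj)
    print(sys_obj.shutdown(admin))
```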
- Thread context:
- Re: [MUD-Dev] (fwd) Functional Security,
Felix A. Croes felix#xs1,simplex.nl, Fri 20 Mar 1998, 16:40 GMT
- (fwd) Functional Security,
J C Lawrence claw#under,engr.sgi.com, Fri 20 Mar 1998, 00:04 GMT