[MUD-Dev] strong encryption for authentication

Fred Clift fclift at verio.net
Mon Jul 16 17:07:33 New Zealand Standard Time 2001

On Fri, 13 Jul 2001, J C Lawrence wrote:
> On Fri, 13 Jul 2001 11:28:10 -0600 (MDT) 
> Fred Clift <fclift at verio.net> wrote:

>> My main motivation here is to not allow someone to leverage mud
>> access into local shell access (and thence into root access on
>> the box).

> Are you running in a chroot()ed environment?

Doesn't matter -- it's usually not too hard to break out of a chrooted
environment - FreeBSD jail is marginally better, but still needs
some work.

> Presuming you are running Linux, I would be tempted to install one
> of the (many) capabilities systems and then carefully restrict
> both the capabilities of your game server, its children, the
> account it runs under as well as root itself (I normally like bolting
> down root to the point that it can't actually do anything without
> a controlled reboot with console access to bring the system back
> up in a mode where root can actually do things).

chflags (schg) on FreeBSD lets you make binaries immutable -- if you
are in the right security mode, then you have to be in single user
mode to un-'immutable'-ize binaries... (though I've not been using
this feature :)

> What clients are they using on what platforms?  For *nix systems
> an...

Hm -- some Windows, some Unix (Linux) but yeah -- from either of
those platforms you can ssh tunnel for people I trust with shell
access.  For those I don't, I'd rather have something more tightly
integrated into the game so I can do access-control (per IP etc) and
have good logging.  OpenSSL has most of its functions in a library
that I can link in I guess...

> I'd be more tempted to setup MindTerm's Java SSH client under an
> SSL webpage such that it logs directly into your game server.

Hm -- this isn't a bad idea that I hadn't yet considered...


Fred Clift - fclift at verio.net -- Remember: If brute 
force doesn't work, you're just not using enough.
