[MUD-Dev] strong encryption for authentication
fclift at verio.net
Mon Jul 16 17:07:33 New Zealand Standard Time 2001
On Fri, 13 Jul 2001, J C Lawrence wrote:
> On Fri, 13 Jul 2001 11:28:10 -0600 (MDT)
> Fred Clift <fclift at verio.net> wrote:
>> My main motivation here is to not allow someone to leverage mud
>> access into local shell access (and thence into root access on
>> the box).
> Are you running in a chroot()ed environment?
Doesn't matter -- it's usually not too hard to break out of chrooted
environment - FreeBSD jail is marginally better, but still needs
> Presuming you are running Linux, I would be tempted to install one
> of the (many) capabilities systems and then carefully restrict
> both the capabilities of your game server, its children, the
> account it runs under as well root itself (I normally like bolting
> down root to the point that it can't actually do anything without
> a controlled reboot with console access to bring the system back
> up in a mode where root can actually do things).
chflags (schg) on freebsd lets you make binaries immutable -- if you
are in the right security mode, then you have to be in single user
mode to un-'immutable'-ize binaries... (though I've not been using
this feature :)
> What clients are they using on what platforms? For *nix systems
Hm -- some windows, some unix (linux) but yeah -- from either of
those platforms you can ssh tunnel for people I tust with shell
access. For those I dont, I'd rather have something more tightly
integrated into the game so I can do access-control (per IP etc) and
have good logging. Openssl has most of it's functions in a library
that I can link in I guess...
> I'd be more tempted to setup MindTerm's Java SSH client under an
> SSL webpage such that it logs directly into your game server.
Hm -- this isn't a bad idea that I hadn't yet considered...
Fred Clift - fclift at verio.net -- Remember: If brute
force doesn't work, you're just not using enough.
MUD-Dev mailing list
MUD-Dev at kanga.nu
More information about the MUD-Dev