-Known Bugs in LambdaCore 1Oct94-
$recycler:request lets you request any item. How to Exploit: This verb is really serious. You can move any object into the $recycler
and then request it. The recycler doesn't normally accept objects, but
in #1:moveto it does a set_task_perms(this.owner) before doing a move().
If the object is owned by a wizard the
move() call becomes wizardly and thus can move stuff anywhere even though
:accept returns 0. So you can request stuff afterwards and take wizard's
owned objects. (What? Somedumbwiz got #100 and you wanted it? Steal it!)
If you want to crash the MOO you ca
n always move #0 or #1 in there.... How to Fix: Wizards should fix this hole immediately in $recycler:request. Make a
check to see if the object is $garbage before requesting it. You could
also fix it in $recycler:setup_toad but that's pretty redundant since
request is the only verb that is unprotected
. #1:moveto also seems to be a bug, but so far I haven't found an
acceptable way to fix it. More on this later...
[Previous Page][Next Page][Contents]