Dokumentation zu: privilege_violation(M)

HR Image

        int privilege_violation(string op, mixed who, mixed arg, mixed arg2, mixed arg3)

        Validate the execution of a privileged operation.
        op denotes the requested operation, who is the object
        requesting the operation (file_name or object pointer), <arg>
        and <arg2> are additional arguments, depending on the operation.

        The function should return >0 to grant the privilege, 0 to
        indicate that the caller was probably misled and the error
        might be fixed, and anything else to indicate a real
        violation that will be handled as run time error.

        The privileged operations are:
        attach_erq_demon       : Attach the erq demon to object <arg> with
                                 flag <arg2>.
        bind_lambda            : Bind a lambda-closure to object <arg>.
        call_out_info          : Return an array with all call_out
        configure_interactive  : Set option <arg2> with value <arg3> as
                                 default (<arg>==0) or for object <arg>.
        configure_object       : Set option <arg2> with value <arg3> for
                                 object <arg>.
        configure_driver       : Set option <arg1> to value(s) <arg2>.
        enable_telnet          : Enable/disable telnet (<arg2>) for object
        execute_command        : Execute command string <arg2> for the object
        erq                    : At the request <arg2> is to be sent to the
                               : erq-demon by the object <who>.
        garbage_collection     : Object <who> calls the efun
                                 garbage_collection() with <arg> as filename
                                 and <arg2> as flag.
        input_to               : Object <who> redirects the next input from
                                 commandgiver <arg>, using <arg2> as value
                                 for the flags. This is used for flag values
                                 including the 'no bang' option.
        limited                : Execute <arg> with reduced/changed limits
                                 1<arg2> (as return by query_limits()).
        mysql                  : Object <who> attempted to execute mySQL efun
        pgsql                  : Object <who> attempted to execute Postgres efun
        net_connect            : Attempt to open a connection to host <arg>,
                                 port <arg2>.
        nomask simul_efun      : Attempt to get an efun <arg> via efun:: when
                                 it is shadowed by a nomask type simul_efun.
        rename_object          : The object <who> tries to rename the object
                                 <arg> to the name <arg2>.
        send_udp               : Send UDP-data to host <arg>.
        get_extra_wizinfo      : Get the additional wiz-list info for user
        set_extra_wizinfo      : Set the additional wiz-list info for user
        set_extra_wizinfo_size : Set the size of the additional user
                                 info in the wiz-list to <arg>.
        set_driver_hook        : Set hook <arg> to <arg2>.
        set_limits             : Set limits to <arg> (as returned by
        set_max_commands       : Set the max. number of commands interactive
                                 object <arg> can issue per second to <arg2>.
        set_this_object        : Set this_object() to <arg>.
        shadow_add_action      : Add an action to function <arg2> of object
                                 <arg> from the shadow <who> which is shadowing
        shutdown               : Object <who> calls the efun shutdown with <arg>
                                 as argument.
        sqlite_pragma          : Execute pragma statement in SQLite.
        symbol_variable        : Attempt to make a symbol from a hidden
                                 inherited variable. <arg> is the object in
                                 question, <arg2> the number of the variable in
                                 the variable table.
        variable_list          : An attempt to return the variable values of
                                 object <arg> is made from a different object
        wizlist_info           : Return an array with all wiz-list

        call_out_info() can return the arguments to functions and
        lambda closures to be called by call_out(); you should
        consider that read access to closures, mappings and arrays
        means write access and/or other privileges.
        wizlist_info() will return an array which holds, among others,
        the extra wizlist field. While a toplevel array, if found,
        will be copied, this does not apply to nested arrays or to any
        mappings. You might also have some sensitive closures there.
        send_udp() should be watched as it could be abused.
        The xxx_extra_wizinfo operations are necessary for a proper
        wizlist and should therefore be restricted to admins.
        All other operations are potential sources for direct security
        breaches - any use of them should be scrutinized closely.

        LDMud 3.2.10 added the "enable_telnet", "net_connect",
           "set_max_commands" and "variable_list" violations.
        LDMud 3.3.563 added the passing of the limits to the "limited"
           and "set_limits".
        LDMud 3.2.11/3.3.640 added the "mysql" violation.
        LDMud 3.3.717 added the "sqlite_pragma" violation.

        net_connect(E), send_erq(E), set_this_object(E), rename_object(E),
        simul_efun(C), call_out_info(E), shadow(E), add_action(E),
        bind_lambda(E), send_udp(E), input_to(E), execute_command(E),
        variable_list(E), enable_telnet(E), mysql(C)

Start » Magierhandbuch » Docu » Master » Privilege_violation Letzte Generierung: 25.04.2021, 01:58
Email an:
Valid HTML 4.01!