Go Back   EQEmulator Home > EQEmulator Forums > Archives > Archive::Development > Archive::Development

Archive::Development Archive area for Development's posts that were moved here after an inactivity period of 90 days.

Reply
 
Thread Tools Display Modes
  #16  
Old 11-19-2003, 03:56 AM
Trumpcard
Demi-God
 
Join Date: Jan 2002
Location: Charlotte, NC
Posts: 2,614
Default

It would be a pretty bad solution if there wasnt a way to ensure everything was read only. embperl was designed for embedding perl into html pages, im sure it can handle that type of permissions checking.

I doubt anyone is going to be able to drop in 'rm -rf /*' .
__________________
Quitters never win, and winners never quit, but those who never win and never quit are idiots.
Reply With Quote
  #17  
Old 11-19-2003, 04:26 AM
Mongrel
Hill Giant
 
Join Date: Jul 2003
Location: Germany
Posts: 232
Default

As I said, I'm a total n00b concerning Perl. Until today I only knew that it existed somewhere, hehe.
Mind you, I'm not trying to stir up shit here, just trying to help. "Perl worms" were the first thing that came into my mind after reading the previous posts, so I just wanted to mention it.

What exactly is the difference between Perl and embedded Perl (embperl)?

I looked around on perl.com and /perl.apache.org/embperl for a bit, but couldn't find an exact explanation of the differences.
Perl has lots of low level IO functions, embperl doesn't seem to have these. Is embperl just an addition to normal Perl featuring all functions of its "father"?

If so, it might be a good idea to block their use in EQEmu.
Reply With Quote
  #18  
Old 11-19-2003, 10:04 AM
Eglin
Hill Giant
 
Join Date: Nov 2003
Posts: 168
Default

Quote:
Originally Posted by Mongrel
I admit, I have no real clue about Perl, but wouldn't this allow quest writers to access other peoples hard drives? Perl seems powerful enough to me to make that possible.
(If it doesn't, just ignore me :oops:)

I can already see them coming ... "HERE!1! Use htis and HAil UR giuldmastre 2 GET KEWL STUFF!!!11!!" ... "Hail, Monk GM" ... bang, hard disks empty :shock:
Yeah, security is always an issue. I imagine that embperl, should it catch on, will become slowly more refined, though. Since perl is a veteran of CGI, it already has powerful security features that could be applied (and currently aren't). If you want to enable Perl, but are highly concerned about security, I'd recommend enabling taint checking or disabling the #plugin interface, chroot'ing the process, and only using quests that you have written/converted yourself. Perl exposes a lot of power... that is precisely why I wanted to embed it.
Reply With Quote
  #19  
Old 11-19-2003, 10:17 AM
Eglin
Hill Giant
 
Join Date: Nov 2003
Posts: 168
Default

[quote="Mongrel"]As I said, I'm a total n00b concerning Perl. Until today I only knew that it existed somewhere, hehe.
Mind you, I'm not trying to stir up shit here, just trying to help. "Perl worms" were the first thing that came into my mind after reading the previous posts, so I just wanted to mention it.
[quote]
Don't sweat it... it is a valid concern.

Quote:
What exactly is the difference between Perl and embedded Perl (embperl)?
The only real difference is that embedded perl is embedded into another program in some way. You should be able to do everything (and then some) that a standalone perl script could do.

Quote:
I looked around on perl.com and /perl.apache.org/embperl for a bit, but couldn't find an exact explanation of the differences.
There isn't too much info on it. I am only aware of a handful of popular programs (2 irc clients, Apache, a few others) that have full-fledged native perl interfaces (as opposed to wsh interfaces).

Quote:
Perl has lots of low level IO functions, embperl doesn't seem to have these. Is embperl just an addition to normal Perl featuring all functions of its "father"?
No, this implementation can do everything that standalone perl can do.

Quote:
If so, it might be a good idea to block their use in EQEmu.
I doubt it. At present (assuming the #peval interface is not avaliable), there is no way for an end-user to directly inject their code into perl. To be subject to most errors, you would have to have bad quest code. If you are really worried about security, you would have to review each quest. Otherwise, you are implicitly trusting the authors (just like with eqemu itself). The bottom-line is that in most cases a user would have to have already compromised you system with a priviledge escalation attack in order to abuse perl. To the person who can already do this, perl's avaliability is only a slignt convenience.
Reply With Quote
  #20  
Old 11-21-2003, 09:13 AM
kai_shadowbane
Sarnak
 
Join Date: Sep 2003
Posts: 67
Default

I'll try to not sound like an utter fool here, but here goes:

Wouldn't the parser have to be written in C or C++, since it would have to directly interface with the zone server interactively. (not like just loading something up once, b/c if you load all that in memory initially that would definately be a memory hog) Basically my thought came from that it would have to spawn and despawn mobs and such. And if when written in C or C++ (might be better languages initially, not too sure what all is out there that's cross-platform compat.), then be optimized in ASM.
Techincally, having each seperate quest in a text for is great, since it only has to access a small file for each quest, and then each text file identified with a mob is great as well.

Well, there was was babbling on in random thought, and I probably still came off like a fool, but if you have any comments to ease my curiosity, please feel free.

EDIT:
Side thought, what about writing it in a scripting language?
__________________
The downside of being better than everyone else, is that people have a tendancy to think you're pretentious.
Reply With Quote
  #21  
Old 11-22-2003, 01:29 PM
Eglin
Hill Giant
 
Join Date: Nov 2003
Posts: 168
Default

Quote:
Originally Posted by kai_shadowbane
I'll try to not sound like an utter fool here, but here goes:

Wouldn't the parser have to be written in C or C++, since it would have to directly interface with the zone server interactively. (not like just loading something up once, b/c if you load all that in memory initially that would definately be a memory hog) Basically my thought came from that it would have to spawn and despawn mobs and such. And if when written in C or C++ (might be better languages initially, not too sure what all is out there that's cross-platform compat.), then be optimized in ASM.
Techincally, having each seperate quest in a text for is great, since it only has to access a small file for each quest, and then each text file identified with a mob is great as well.

Well, there was was babbling on in random thought, and I probably still came off like a fool, but if you have any comments to ease my curiosity, please feel free.

EDIT:
Side thought, what about writing it in a scripting language?
I have no idea what you're going on about. When you read your own post, what kind of responses do you think you might get from it?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

   

All times are GMT -4. The time now is 05:37 AM.


 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3