#27076 30/05/03 05:10 PM
Joined: Feb 2003
Posts: 309
C
Fjord artisan
OP Offline
mIRC already disables /run and /dll, but I can think of a few ways still to do evil things.

Whadda bout a 'safe mode' switch (which can be configured in an advanced panel), enabled by default, so that users who don't understand WHAT A DLL OR PROGRAM DOES, they will have to actively fight thru dialog warnings to enable it.

Features to disable, suggestion:
Any files in mIRCdir or above, specifically mirc.ini's:
/write [-c]
/copy [-o]
$findfile

Other
sockets - debatable, they have a lot of positive uses, but do you want people to be able to read the contents of your files to an open socket? Which isn't too hard...

/com
/run & /dll of course...
/load from anywhere but the commandline

there's prolly a few more but i'm tired...

Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Well the problem is, there are several other commands that can do the same thing that /write and /copy can do. /remove /rename /bwrite /btrunc /writeini /remini /filter /rmdir, even something like /hsave /log /save or /savebuf could be used to overwrite a file. If you did /log on # -f C:\windows\some.important.file it could have just as much of a damaging effect as using /remove. Basically the point I'm trying to make is, to be 100% secure you'd have to disable so much... is it really worth it?

However, I do 100% agree with the ability to disable COM. Seeing as how COM gives access to the registry, COM could be used to disable the locks on other commands such as /dll and /run by overwriting the registry entry that locks them, so COM should certainly be lockable.

Joined: Feb 2003
Posts: 309
C
Fjord artisan
OP Offline
The easy way to do that is enforce 'directory permissions' of a sort; don't allow logging actions anywhere but the logdir, etc etc.

Joined: Dec 2002
Posts: 39
L
Ameglian cow
Offline
Is that not what Windows user accounts and permissions are for?

Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
I'm thinking what he means is more like a Java applet "sandbox" where the script can do everything that is in the sandbox, but it can't access things outside the sandbox without explicit permission from the client. Meaning Windows user accounts limit you to more than just the mIRC directory, which is probably where a script should be confined to.

Joined: Jan 2003
Posts: 154
B
Vogon poet
Offline
The "sandbox" idea should definitely be OPTIONAL if added. I do not want my mIRC to be limited to its own directory..


- Wherever you go there you are.
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
A Sandbox should definitely come default on mIRC, placed in the upright and LOCKED position. A significant amount of troublesome, and difficult to explain, disabling should be required to unlock it.

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
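
The "directory permissions" and sandbox ideas discussed in this thread, sketched as an added example that is not part of the original posts and not mIRC's own code: a deny-by-default check that confines each file-touching command to one root. The paths `C:\mIRC` and `C:\mIRC\logs`, the policy table and the function names are assumptions made for illustration.

```python
import ntpath  # Windows path semantics, usable on any host OS

# Assumed install layout and policy (hypothetical, not mIRC behaviour).
MIRC_DIR = r"C:\mIRC"
LOG_DIR = r"C:\mIRC\logs"
PROTECTED = {r"C:\mIRC\mirc.ini"}  # never writable by a script
# Commands named in the thread, each mapped to the only root it may touch.
ALLOWED_ROOT = {
    "/log": LOG_DIR,
    "/write": MIRC_DIR, "/copy": MIRC_DIR, "/remove": MIRC_DIR,
    "/rename": MIRC_DIR, "/bwrite": MIRC_DIR, "/writeini": MIRC_DIR,
    "/hsave": MIRC_DIR, "/savebuf": MIRC_DIR,
}

def canon(path, base=MIRC_DIR):
    """Resolve a relative path against base, collapse '..', fold case."""
    return ntpath.normcase(ntpath.normpath(ntpath.join(base, path)))

def inside(path, root):
    """True when the canonical path is root itself or lies below it.

    Compares whole path components, so C:\\mIRC-evil does not pass as
    being under C:\\mIRC the way a string-prefix test would allow.
    """
    root = canon(root)
    try:
        return ntpath.commonpath([path, root]) == root
    except ValueError:  # different drive, or UNC path versus drive path
        return False

def is_allowed(command, target):
    """Decide whether a script may run `command` against `target`."""
    root = ALLOWED_ROOT.get(command)
    if root is None:  # anything not listed (/run, /dll, /com) is denied
        return False
    path = canon(target)
    if path in {canon(p) for p in PROTECTED}:
        return False
    # Lexical check only: junctions and symlinks would need resolving
    # on the real filesystem before this comparison.
    return inside(path, root)
```
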
