Up to Main Index Up to Journal for April, 2022 JOURNAL FOR SUNDAY 10TH APRIL, 2022 ______________________________________________________________________________ SUBJECT: Waiting for patches + some of my own DATE: Sun 10 Apr 17:30:50 BST 2022 On Monday 4th April the Go developers announced there would be a 1.18.1 and 1.17.9 security patch release on Thursday 7th April. However, the patches were delayed and are due to be released on Tuesday 12th April. As a result I am delaying the v0.0.19 release until the patches are available. I don’t know if the patches will affect WolfMUD, better to be overly cautious when it comes to security. I hope that the patch for Go 1.18.1 will include the fixes for atomics on 32-bit platforms as this directly effects the Raspberry Pi builds. If not I'll have to use Go 1.17.9 for building the release :( While waiting for the Go security patches I’ve been working on some patches of my own to address a few oversights in WolfMUD. First of all, players can no longer execute any scripting commands directly. Scripting commands being those that start with a dollar ‘$’ prefix. Indirect commands, not entered at the player’s prompt, stil work. An example of such indirect scripting commands would be $POOF and $HEALTH. To enable execution of scripting commands outside of the core package a new core/state.Script method has been added. Secondly, admin permissions can now be set per user and the Debug.AllowDump and Debug.AllowDebug configuration options in data/config.wrj no longer have an effect. A new field called Permissions has been added in the player file header record. This can have the value of ADMIN or a list of admin commands. Admin commands are those that start with a hash ‘#’ character. If ADMIN is specified the player has access to all admin commands. Otherwise, the player only has access to the admin commands specified. For existing players the Permissions field will be added the next time the player file is saved. Alternatively the Permissions field can be added by an admin manually. An example: Account: 79fe24.... Created: Sat, 09 Apr 2022 18:55:09 +0000 Password: zJYDCj.... Permissions: ADMIN Player: #UID-213 Salt: EI7Veb.... %% If you need to find a specific player file, the filename is the MD5 hash of the account ID. For example: >echo -n "diddymus@wolfmud.org" | md5sum 90d9988c2b7014d622a62681e5643674 - >vim data/players/90d9988c2b7014d622a62681e5643674.wrj These instructions have been detailed in docs/running-the-server.txt under the “Administrators” section. I hope to improve how administrators are added in the future, rather than having to edit the player files directly. There is also a fix to the ugly imp’s actions in the caves south of Zinara. Finally, there is a new build-chroot target in the Makefile. The target results in a minimal environment being built suitable for running in a chroot jail. This is mainly useful for testing and running the server in isolation. All of these changes are now out on the public dev branch. -- Diddymus Up to Main Index Up to Journal for April, 2022