Up to Main Index Up to Journal for April, 2022
JOURNAL FOR SUNDAY 10TH APRIL, 2022
______________________________________________________________________________
SUBJECT: Waiting for patches + some of my own
DATE: Sun 10 Apr 17:30:50 BST 2022
On Monday 4th April the Go developers announced there would be a 1.18.1 and
1.17.9 security patch release on Thursday 7th April. However, the patches were
delayed and are due to be released on Tuesday 12th April. As a result I am
delaying the v0.0.19 release until the patches are available. I don’t know if
the patches will affect WolfMUD, better to be overly cautious when it comes to
security.
I hope that the patch for Go 1.18.1 will include the fixes for atomics on
32-bit platforms as this directly effects the Raspberry Pi builds. If not I'll
have to use Go 1.17.9 for building the release :(
While waiting for the Go security patches I’ve been working on some patches of
my own to address a few oversights in WolfMUD.
First of all, players can no longer execute any scripting commands directly.
Scripting commands being those that start with a dollar ‘$’ prefix. Indirect
commands, not entered at the player’s prompt, stil work. An example of such
indirect scripting commands would be $POOF and $HEALTH. To enable execution of
scripting commands outside of the core package a new core/state.Script method
has been added.
Secondly, admin permissions can now be set per user and the Debug.AllowDump
and Debug.AllowDebug configuration options in data/config.wrj no longer have
an effect. A new field called Permissions has been added in the player file
header record. This can have the value of ADMIN or a list of admin commands.
Admin commands are those that start with a hash ‘#’ character. If ADMIN is
specified the player has access to all admin commands. Otherwise, the player
only has access to the admin commands specified.
For existing players the Permissions field will be added the next time the
player file is saved. Alternatively the Permissions field can be added by an
admin manually. An example:
Account: 79fe24....
Created: Sat, 09 Apr 2022 18:55:09 +0000
Password: zJYDCj....
Permissions: ADMIN
Player: #UID-213
Salt: EI7Veb....
%%
If you need to find a specific player file, the filename is the MD5 hash of
the account ID. For example:
>echo -n "diddymus@wolfmud.org" | md5sum
90d9988c2b7014d622a62681e5643674 -
>vim data/players/90d9988c2b7014d622a62681e5643674.wrj
These instructions have been detailed in docs/running-the-server.txt under the
“Administrators” section. I hope to improve how administrators are added in
the future, rather than having to edit the player files directly.
There is also a fix to the ugly imp’s actions in the caves south of Zinara.
Finally, there is a new build-chroot target in the Makefile. The target
results in a minimal environment being built suitable for running in a chroot
jail. This is mainly useful for testing and running the server in isolation.
All of these changes are now out on the public dev branch.
--
Diddymus
Up to Main Index Up to Journal for April, 2022