SYNOPSIS

int privilege_violation( string op, mixed who, mixed arg, mixed arg2, mixed arg3)

DESCRIPTION

Validate the execution of a privileged operation. op denotes the requested operation, who is the object requesting the operation (file_name or object pointer), arg and arg2 are additional arguments, depending on the operation.

The function should return >0 to grant the privilege, 0 to indicate that the caller was probably misled and the error might be fixed, and anything else to indicate a real violation that will be handled as run time error.

The privileged operations are:

attach_erq_demon
Attach the erq demon to object arg with flag arg2.
bind_lambda
Bind a lambda-closure to object arg.
call_out_info
Return an array with all call_out informations.
configure_interactive
Set option arg2 with value arg3 as default (arg==0) or for object arg.
configure_driver
Set option arg1 to value(s) arg2.
enable_telnet
Enable/disable telnet (arg2) for object arg.
execute_command
Execute command string arg2 for the object arg.
erq
At the request arg2 is to be sent to the erq-demon by the object who.
garbage_collection
Object who calls the garbage_collection(E) with arg as filename and arg2 as flag.
input_to
Object who redirects the next input from commandgiver arg, using arg2 as value for the flags. This is used for flag values including the ‘no bang’ option.
limited
Execute arg with reduced/changed limits arg2 (as return by query_limits(E)).
mysql
Object who attempted to execute mySQL efun arg.
pgsql
Object who attempted to execute Postgres efun arg.
net_connect
Attempt to open a connection to host arg, port arg2.
nomask simul_efun
Attempt to get an efun arg via efun:: when it is shadowed by a nomask type simul_efun.
rename_object
The object who tries to rename the object arg to the name arg2.
send_udp
Send UDP-data to host arg.
get_extra_wizinfo
Get the additional wiz-list info for user arg.
set_extra_wizinfo
Set the additional wiz-list info for user arg.
set_extra_wizinfo_size
Set the size of the additional user info in the wiz-list to arg.
set_driver_hook
Set hook arg to arg2.
set_limits
Set limits to arg (as returned by query_limits(E)).
set_max_commands
Set the max. number of commands interactive object arg can issue per second to arg2.
set_this_object
Set this_object() to arg.
shadow_add_action
Add an action to function arg2 of object arg from the shadow who which is shadowing arg.
shutdown
Object who calls the efun shutdown with arg as argument.
sqlite_pragma
Execute pragma statement in SQLite.
symbol_variable
Attempt to make a symbol from a hidden inherited variable. arg is the object in question, arg2 the number of the variable in the variable table.
variable_list
An attempt to return the variable values of object arg is made from a different object who.
wizlist_info
Return an array with all wiz-list information.

call_out_info(E) can return the arguments to functions and lambda closures to be called by call_out(E); you should consider that read access to closures, mappings and arrays means write access and/or other privileges. wizlist_info(E) will return an array which holds, among others, the extra wizlist field. While a toplevel array, if found, will be copied, this does not apply to nested arrays or to any mappings. You might also have some sensitive closures there. send_udp(E) should be watched as it could be abused. The xxx_extra_wizinfo operations are necessary for a proper wizlist and should therefore be restricted to admins. All other operations are potential sources for direct security breaches - any use of them should be scrutinized closely.

HISTORY

  • changed (3.2.10) – added the “enable_telnet”, “net_connect”, “set_max_commands” and “variable_list” violations.
  • changed (3.3.563) – added the passing of the limits to the “limited” and “set_limits”.
  • changed (3.2.11/3.3.640) – added the “mysql” violation.
  • changed (3.3.717) – added the “sqlite_pragma” violation.