SYNOPSIS int privilege_violation(string op, mixed who, mixed arg, mixed arg2, mixed arg3) DESCRIPTION Validate the execution of a privileged operation. op denotes the requested operation, who is the object requesting the operation (file_name or object pointer), and are additional arguments, depending on the operation. The function should return >0 to grant the privilege, 0 to indicate that the caller was probably misled and the error might be fixed, and anything else to indicate a real violation that will be handled as run time error. The privileged operations are: attach_erq_demon : Attach the erq demon to object with flag . bind_lambda : Bind a lambda-closure to object . call_out_info : Return an array with all call_out informations. configure_interactive : Set option with value as default (==0) or for object . configure_object : Set option with value for object . configure_lwobject : Set option with value for lwobject . configure_driver : Set option to value(s) . enable_telnet : Enable/disable telnet () for object . execute_command : Execute command string for the object . erq : At the request is to be sent to the : erq-demon by the object . garbage_collection : Object calls the efun garbage_collection() with as filename and as flag. input_to : Object redirects the next input from commandgiver , using as value for the flags. This is used for flag values including the 'no bang' option. limited : Execute with reduced/changed limits (as return by query_limits()). mysql : Object attempted to execute mySQL efun . pgsql : Object attempted to execute Postgres efun . pragma no_simul_efuns : The program wants to use this pragma. net_connect : Attempt to open a connection to host , port . nomask simul_efun : Attempt to get an efun via efun:: when it is shadowed by a nomask type simul_efun. rename_object : The object tries to rename the object to the name . send_udp : Send UDP-data to host . get_extra_wizinfo : Get the additional wiz-list info for user . set_extra_wizinfo : Set the additional wiz-list info for user . set_extra_wizinfo_size : Set the size of the additional user info in the wiz-list to . set_driver_hook : Set hook to . set_limits : Set limits to (as returned by query_limits()). set_max_commands : Set the max. number of commands interactive object can issue per second to . set_this_object : Set this_object() to . shadow_add_action : Add an action to function of object from the shadow which is shadowing . shutdown : Object calls the efun shutdown with as argument. sqlite_pragma : Execute pragma statement in SQLite. symbol_variable : Attempt to make a symbol from a hidden inherited variable. is the object in question, the number of the variable in the variable table. variable_list : An attempt to return the variable values of object is made from a different object . wizlist_info : Return an array with all wiz-list information. call_out_info() can return the arguments to functions and lambda closures to be called by call_out(); you should consider that read access to closures, mappings and arrays means write access and/or other privileges. wizlist_info() will return an array which holds, among others, the extra wizlist field. While a toplevel array, if found, will be copied, this does not apply to nested arrays or to any mappings. You might also have some sensitive closures there. send_udp() should be watched as it could be abused. The xxx_extra_wizinfo operations are necessary for a proper wizlist and should therefore be restricted to admins. All other operations are potential sources for direct security breaches - any use of them should be scrutinized closely. HISTORY LDMud 3.2.10 added the "enable_telnet", "net_connect", "set_max_commands" and "variable_list" violations. LDMud 3.3.563 added the passing of the limits to the "limited" and "set_limits". LDMud 3.2.11/3.3.640 added the "mysql" violation. LDMud 3.3.717 added the "sqlite_pragma" violation. SEE ALSO net_connect(E), send_erq(E), set_this_object(E), rename_object(E), simul_efun(C), call_out_info(E), shadow(E), add_action(E), bind_lambda(E), send_udp(E), input_to(E), execute_command(E), variable_list(E), enable_telnet(E), mysql(C)