Are mods safe?
Arantor:
Interesting idea, very interesting.
Although I took the simpler view and simply disallowed any mods to modify any files. Yes, it limits the permutations of what a mod can do but the amount of sanity-checking and safety you can introduce for doing so seemed more than beneficial to me ;)
butchs:
It seems I have strayed off subject a tad. I agree with your thoughts on mods. My ideas extend to protect against those who call themselves Elite, that I know absolutely nothing about, who with inspiration can do terrible things without mod access.
I am sure you review all code before placing it on site. With the permission of the mod author, you can fix the functions the bots attack. There are few who have the skills to do that sorta thing. Many SMF users cannot. You are among the few bright shining lights: The protectors of the innocent...
God knows, it has not happened yet! But some day, some time, a bad guy just may find His or Her way past the armor, possibly via a host's weakness, and edit code they should not have. I rest my point.
O:)
Arantor:
Here's the thing: how many admins actually understand the consequences of the changes that a mod makes? They can, right now, out of the base SMF, see exactly what changes a given mod will make to their code.
How many admins even look at it other than see the list of files to be edited? How many admins would, if looking at the code, understand what the changes mean?
In the case I cited, where someone modified the allowedTo() code itself, it was only because the person who is an admin had suspicions about the person they had contracted to carry out changes, and noticed that an edit had been made in a place that did not need to be changed - in this case, your suggestion would certainly have saved some heartache. However, I think that - sad as I am to admit it - it's a lot of work for far too few people to make benefit of.
Consider Vista. Vista for its ills gave us a wonderful example of what happens with trying to help users be more secure. You just end up giving them message after message and people just agree to it in the end to make it go away, without understanding the consequences of what they're agreeing to.
You and I might be able to keep ourselves safe by reviewing code - but that's because we know how to code and can understand the consequences of the code we're adding. Most people aren't, and by giving them something that would make them feel more secure, but that they would just click through anyway, would actually be leaving them less secure.
That's why my approach going forward is to not allow any core edits to be done at all and mandate that everything is done by hooks, or failing that, documented changes - nothing that can be implemented automatically by a system. Then, you never have a reason to make files writable by the webserver under any circumstances, neutering the main attack vectors entirely.
That at least solves all the problems related to file permissions which are a serious security risk in SMF through use of mods - but certainly not the only risk.
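Added example (not part of the thread and not SMF code): a small audit that lists the code files and directories a web server account could write to, which is the condition the post above wants to eliminate. The directory layout, file names and the web server uid/gid are constructed assumptions, and only the classic owner/group/other mode bits are checked (ACLs are ignored).

```python
import os
import stat
import tempfile


def writable_by(st, uid, gids):
    """True if the classic owner/group/other mode bits let uid/gids write."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit(root, uid, gids, suffixes=(".php",)):
    """Return writable directories and writable code files, relative to root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory allows replacing or adding files inside it.
        if writable_by(os.lstat(dirpath), uid, gids):
            findings.append(os.path.relpath(dirpath, root))
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode) and name.endswith(suffixes) \
                    and writable_by(st, uid, gids):
                findings.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(findings)


def build_sample_tree():
    """Constructed layout: one locked-down file, one writable file and dir."""
    root = tempfile.mkdtemp()
    for d, mode in (("core", 0o755), ("cache", 0o777)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)
    for f, mode in (("core/perm.php", 0o644), ("core/load.php", 0o666),
                    ("cache/data.php", 0o644)):
        path = os.path.join(root, f)
        with open(path, "w") as fh:
            fh.write("<?php\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    # Assumed web server account: a uid/gid that owns nothing in the tree.
    web_uid, web_gids = os.getuid() + 1000, {os.getgid() + 1000}
    print(audit(build_sample_tree(), web_uid, web_gids))
```

An empty result for the real web server uid and groups is the state where nothing running as the web server can rewrite code on disk.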