SYNOPSIS int privilege_violation(string op, mixed who, mixed arg, mixed arg2) DESCRIPTION Validate the execution of a privileged operation. op denotes the requested operation, who is the object requesting the operation (file_name or object pointer), and are additional arguments, depending on the operation. The function should return >0 to grant the privilege, 0 to indicate that the caller was probably misleaded and the error might be fixed, and anything else to indicate a real violation, that will be handled as run time error. The privileged operations are: attach_erq_demon Attach the erq demon to object with flag . bind_lambda Bind a lambda-closure to object . call_out_info Return an array with all call_out informations. enable_telnet Enable/disable telnet () for object . execute_command Execute command string for the object . erq A the request is to be send to the erq-demon by the object . input_to Object redirects the next input from commandgiver , using as value for the flags. This is used for flag values including the 'no bang' option. limited Execute with reduced/changed limits (as return by query_limits()). mysql Object attempted to execute mySQL efun . pgsql Object attempted to execute Postgres efun . net_connect Attempt to open a connection to host , port . nomask simul_efun Attempt to get an efun via efun:: when it is shadowed by a nomask type simul_efun. rename_object The object tries to rename the object to the name . send_udp Send UDP-data to host . get_extra_wizinfo Get the additional wiz-list info for user . set_extra_wizinfo Set the additional wiz-list info for user . set_extra_wizinfo_size Set the size of the additional user info in the wiz-list to . set_driver_hook Set hook to . set_limits Set limits to (as returned by query_limits()). set_max_commands Set the max. number of commands interactive object can issue per second to . set_this_object Set this_object() to . shadow_add_action Add an action to function of object from the shadow which is shadowing . symbol_variable Attempt to make a symbol from a hidden inherited variable. is the object in question, the number of the variable in the variable table. variable_list An attempt to return the variable values of object is made from a different object . wizlist_info Return an array with all wiz-list information. call_out_info() can return the arguments to functions and lambda closures to be called by call_out(); you should consider that read access to closures, mappings and arrays means write access and/or other privileges. wizlist_info() will return an array which holds, among others, the extra wizlist field. While a toplevel array, if found, will be copied, this does not apply to nested arrays or to any mappings. You might also have some sensitive closures there. send_udp() should be watched as it could be abused. The xxx_extra_wizinfo operations are necessary for a proper wizlist and should therefore be restricted to admins. All other operations are potential sources for direct security breaches - any use of them should be scrutinized closely. HISTORY LDMud 3.2.10 added the "enable_telnet", "net_connect", "set_max_commands" and "variable_list" violations. LDMud 3.3.563 added the passing of the limits to the "limited" and "set_limits". LDMud 3.2.11/3.3.640 added the "mysql" violation. SEE ALSO net_connect(E), send_erq(E), set_this_object(E), rename_object(E), simul_efun(C), call_out_info(E), shadow(E), add_action(E), bind_lambda(E), send_udp(E), input_to(E), execute_command(E), variable_list(E), enable_telnet(E), mysql(C)