MPI Processes are always on #-1? (SF Issue)

[tanabi]

The following commands:

@create bug
@desc bug={delay:20,{lit:{store:bar,foo,this}}}
look bug
@rec bug

will leave the process created by the look in the timequeue. If no other object is created, when the process comes out of suspend, it will abort with "garbage trigger". However, if another object is created and kept across the trigger-time, the code will be executed as the original object owner but (apparently) with the permissions of the new object owner. This seems like a potential security flaw.

This appears to be {delay} setting the program-object field of the resulting MPI process to #-1 in all cases. @kill on an object with MPI processes also does not work; it reports that no processes were found.

Looking at the source, I see, at line 287 in add_mpi_event() in timequeue.c, that it calls add_event with a program arg of NOTHING in all cases. Should this be trig instead? Changing NOTHING to trig seems to cause this error to disappear. I have not done more exhaustive testing or analysis of this potential fix.

... or not. @ps now reports the object dbref correctly, but the persistence across @recycle remains. Also, an MPI process on an object that gets @chowned is not killable or listable by the new object owner, which again seems like a possible security flaw, unless that's supposed to be just one of the risks of @chowning objects, which at least sounds plausible enough.

And I'm going to stop adding so many comments now.