Complete.Org: Mailing Lists: Archives: freeciv-dev: October 2002:
[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
Home

[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Freeciv-Dev <freeciv-dev@xxxxxxxxxxx>
Subject: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
From: Reinier Post <rp@xxxxxxxxxx>
Date: Wed, 23 Oct 2002 12:51:22 +0200

On Wed, Oct 23, 2002 at 10:22:25AM +0000, Per I. Mathisen wrote:
> On Wed, 23 Oct 2002, Reinier Post wrote:
> > > This means changing "save" and "load" so that they cannot overwrite
> > > anything useful on the system. This should be relatively simple - restrict
> > > them to a directory of theirown, and check that any files to be loaded or
> > > overwritten are also freeciv savefiles. Note that this change will also be
> > > necessary if load and save is ever to be implemented on civserver. The
> > > same goes for loading rulesets.
> >
> > It requires more scrutiny to do this right.A well known security hole
> > is to allow files to be used from publically writeable directories like
> > /tmp, where peopple can place symlinks.
> 
> I did write "a directory of their own". That, and as long as the filename
> is restricted to the set [a-z,A-Z,0-9,'-'], then security should be
> foolproof by design.

Yes, with the understanding that "a directory of their own" means (due
to symlinks) that you actually have to move up from that directory to
.. until the root and test that none of the directories you find are writeable
by others.

> > What is wrong with turning all commands to /set commands (e.g. /start
> > would be an alias for /set gamestatus running) and turning the
> > "server options" dialog into a bunch of editable settings?
> 
> That may not be a bad idea.

Of course this is just conceptual - in the UI, "Start" would still be a button
to push rather than a value to select.
 
> > > It is my hope that eventually any UI for the server will be unnecessary,
> > > and that using its commandline will be an option used only for debugging.
> >
> > How do you mean?The game settings have to be determined by the users.
> 
> Yes, but from the client.

I see.  Yes, I agree.

The only problem I have with Mike's approach is that it makes the client
start a server.  This is not necessary - it can be done by a wrapper.
The wrapper can also take care of restarting civserver if it goes down.
The client should be able to ping a server however, to see if it is
running, before trying to connect.

>   - Per

-- 
Reinier


[Prev in Thread] Current Thread [Next in Thread]