[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
On Wed, Oct 23, 2002 at 12:15:36PM +0000, Per I. Mathisen wrote:
> On Wed, 23 Oct 2002, Reinier Post wrote:
> > > I did write "a directory of their own". That, and as long as the filename
> > > is restricted to the set [a-z,A-Z,0-9,'-'], then security should be
> > > foolproof by design.
> >
> > Yes, with the understanding that "a directory of their own" means (due
> > to symlinks) that you actually have to move up from that directory to
> > .. until the root and test that none of the directories you find are
> > writeable by others.
>
> Say Freeciv creates ~/.freeciv/savegames/ with chmod 700. I don't see any
> way a hostile local user or a network user may manage to exploit it with
> the restrictions mentioned above.

no. this is crazy. An attacker can simply fill up your hard drive with
savegames. I don't want to give someone this ability and I don't want to
mandate quotas as a prereq to playing freeciv.

No. giving hack privileges requires either the person who actually
started the server or a _trusted_ user.

It's clear to me now that if we're going to do this, we're going to have to
do it right and that means public key encryption. I think vasc is right:
it's certainly easier to send commands to the server via sockets rather
than pipes. All it requires is making sure the server knows who it's
talking to. A key or password written to a file that both the server and
client running with the same uid have access to is an easy way to
accomplish that.

I propose:

o a cut down RSA encrypt/decrypt module in common/ (useful in client
  authentication too.)
o a new packet pair for doing the said crypto handshakes, etc
o a new packet pair for sending commands to the server and success/fail
  replies. (maybe)
o a small routine to generate a passfile so that the client is authorized
  to send hack commands to the server.
o a server commandline option to direct it to generate the passfile in a
  certain location. (or to act like a spawned server or whatever)

In this case, we can avoid fork() and pipe().

Now who would like to pull the RSA stuff out of openssl?

-mike
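
The passfile idea from the message above, sketched as an added example; it is not part of the original post and is not Freeciv's code. The function names `passfile_create` and `passfile_read`, the 16-byte hex token, and the use of `/dev/urandom` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define TOKEN_BYTES 16
#define TOKEN_HEX (TOKEN_BYTES * 2)

/* Server side (hypothetical helper): create an owner-only passfile and put
 * its token in token_out (TOKEN_HEX + 1 bytes). Returns 0 on success, -1 on error. */
int passfile_create(const char *path, char *token_out)
{
  unsigned char raw[TOKEN_BYTES];
  /* O_EXCL | O_NOFOLLOW: never reuse a file or symlink someone pre-planted. */
  int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
  int rnd, ok, i;
  if (fd < 0) return -1;
  rnd = open("/dev/urandom", O_RDONLY);
  ok = rnd >= 0 && read(rnd, raw, sizeof(raw)) == (ssize_t) sizeof(raw);
  if (rnd >= 0) close(rnd);
  for (i = 0; ok && i < TOKEN_BYTES; i++)
    sprintf(token_out + 2 * i, "%02x", raw[i]);
  ok = ok && fchmod(fd, 0600) == 0 /* do not depend on the umask */
       && write(fd, token_out, TOKEN_HEX) == TOKEN_HEX;
  close(fd);
  if (!ok) unlink(path); /* only reached for a file we created ourselves */
  return ok ? 0 : -1;
}

/* Client side: accept the token only from a regular file owned by our uid
 * with no group/other permission bits. Returns 0 on success, -1 otherwise. */
int passfile_read(const char *path, char *token_out)
{
  struct stat st;
  int fd = open(path, O_RDONLY | O_NOFOLLOW);
  ssize_t n = -1;
  memset(token_out, 0, TOKEN_HEX + 1); /* caller never sees a stale token */
  if (fd < 0) return -1;
  /* fstat() on the open descriptor avoids a check-then-open race. */
  if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid()
      && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0) {
    n = read(fd, token_out, TOKEN_HEX);
  }
  close(fd);
  return n == TOKEN_HEX ? 0 : -1;
}
```

The file checks cover only the passfile itself; the point quoted earlier in the thread about directories above it being writable by others still applies to wherever the file is placed.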