[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)

To: "Per I. Mathisen" <per@xxxxxxxxxxx>
Cc: Freeciv-Dev <freeciv-dev@xxxxxxxxxxx>
Subject: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
From: Mike Kaufman <kaufman@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Oct 2002 10:53:57 -0500

On Wed, Oct 23, 2002 at 03:32:52PM +0000, Per I. Mathisen wrote:
> On Wed, 23 Oct 2002, Mike Kaufman wrote:
> > > Say Freeciv creates ~/.freeciv/savegames/ with chmod 700. I don't see any
> > > way a hostile local user or a network user may manage to exploit it with
> > > the restrictions mentioned above.
> >
> > no. this is crazy. An attacker can simply fill up your hard drive with
> > savegames.
> 
> We can set a limit on how many savegames that can be created. We can have
> X savegame "slots" for each game, identified by an increasing game number,
> say in ~/.freeciv/games/$number/. There are other possibilities.
> 
> This is a problem that can be solved with a good design.

for the public civserver, this is not a problem. We can enforce quotas, we
can run the server in a chroot jail, we can do all sorts of stuff, none of
which are acceptable for a home user.

> > It's clear to me now that if we're going to do this, we're going to have to
> > do it right and that means public key encryption.
> 
> This is probably necessary for player authentication anyway, but I still
> think it is no excuse for solving a design problem by merely adding more
> code.
> 
> Note how your solution does not solve the case of saving and loading games
> on public servers such as civserver.

no, but the problem of the public servers is _not_ the problem. The real
problem is running a server from a client on your own box. You simply do
not want to give hack level access to anyone who did not actually have
permission to start the server. Playing games about where certain
connections can save savegames to is not a good solution. If I am the
client starting a server, then I damn well want the ability to save games
anywhere I please (within my own machines' permissions)...

> I still want fork(), though.

Is there a particular reason? I can only think of redirecting stdout and
stderr to files so you can check server output.

-mike
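
The savegame "slot" idea quoted above, as an added sketch that is not code from this thread or from Freeciv: every save goes into a fixed grid of slots under a mode-0700 directory, so the number of files is bounded by construction (their size is not). The names `open_save_slot`, `private_dir`, `MAX_GAMES`, `MAX_SLOTS` and the `slotN.sav` file naming are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_GAMES 16 /* assumed cap on game directories */
#define MAX_SLOTS 8  /* assumed cap on savegame slots per game */

static int fail(int e) { errno = e; return -1; } /* set errno, report failure */
/* Create path with mode 0700 if missing, then require a real directory (not
 * a symlink) owned by us with no group/other permission bits. */
static int private_dir(const char *path)
{
  struct stat st;
  if ((mkdir(path, 0700) != 0 && errno != EEXIST) || lstat(path, &st) != 0)
    return -1;
  if (S_ISDIR(st.st_mode) && st.st_uid == geteuid() && !(st.st_mode & 077))
    return 0;
  return fail(EPERM);
}

/* Open <base>/games/<game>/slot<slot>.sav for writing. Returns an fd, or -1
 * with errno set; ERANGE means the request is outside the fixed slot grid. */
int open_save_slot(const char *base, unsigned game, unsigned slot)
{
  char dir[1024], file[1024];
  int n = snprintf(file, sizeof file, "%s/games/%u/slot%u.sav", base, game, slot);
  if (game >= MAX_GAMES || slot >= MAX_SLOTS) return fail(ERANGE);
  if (n < 0 || (size_t) n >= sizeof file) return fail(ENAMETOOLONG);
  if (private_dir(base) != 0) return -1;
  n = snprintf(dir, sizeof dir, "%s/games", base);
  if (n < 0 || private_dir(dir) != 0) return -1;
  n = snprintf(dir, sizeof dir, "%s/games/%u", base, game);
  if (n < 0 || private_dir(dir) != 0) return -1;
  /* O_NOFOLLOW: a symlink planted at the slot name is refused, not followed. */
  return open(file, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
}

int main(void)
{
  char base[] = "/tmp/civsave-XXXXXX"; /* constructed stand-in for ~/.freeciv */
  int ok = mkdtemp(base) ? open_save_slot(base, 1, 0) : -1;
  int over = open_save_slot(base, 1, MAX_SLOTS); /* refused: beyond the cap */
  printf("%s: slot 0 fd=%d, slot %d fd=%d\n", base, ok, MAX_SLOTS, over);
  return ok >= 0 && over == -1 ? 0 : 1;
}
```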

