Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2005:
[Freeciv-Dev] Re: (PR#11851) Hack request should verify userid in additi

To: edoverton@xxxxxxxxxx
Subject: [Freeciv-Dev] Re: (PR#11851) Hack request should verify userid in addition to random string
From: "Vasco Alexandre da Silva Costa" <vasc@xxxxxxxxxxxxxx>
Date: Sat, 8 Jan 2005 08:20:26 -0800
Reply-to: bugs@xxxxxxxxxxx

On Fri, 7 Jan 2005, Ed Overton wrote:

> The current hack request method essentially boils down to ensuring that
> the server and client can both use the same file on the same host.  That
> process hits possible trouble on Windows (and perhaps in some situations
> on other platforms - I don't know).  On Windows, the directory chosen
> for the hack request file can resolve to the current directory.  When
> user A is running the server and user B is running a client, both can be
> running in the same current directory (where the civserver and civclient
> are installed).  In that case, user B's client is granted hack access to
> user A's server when the common directory is writable.
> This patch simply adds a userid (user_username) check to the hack
> request process.  I hope I got everything right;  this is my first patch
> submission.  Apologies if I missed something.

You forgot the user can lie with a hacked client. If you know the
username of the person running the server (easy, since it shows up in the
task manager process list), you can just return it.

The security mechanism hinges on the fact that non-authorized
persons are unable to write to the directory that will have the file with
the challenge token. Your solution didn't ensure that.

There is another option, for Windows NT based OSes. Save Freeciv
configuration data, including this, in the proper user level app settings
folder, i.e.:

Documents and Settings\Username\Application Data\

It is a simple matter of changing the homedir detection scheme on Windows
NT OSes to use the appropriate SHGetFolderPath or friends:

I certainly hope Windows NT default permissions do not enable users to
read each other's personal files...

Vasco Alexandre da Silva Costa @ Instituto Superior Tecnico, Lisboa
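
The invariant the reply above relies on (only the authorized user can write to the directory holding the challenge token, and that directory never silently becomes the current directory), as an added example that is not part of the original message or of Freeciv's code. It is a POSIX analogue: the function names and the use of HOME are assumptions, and on Windows NT the directory would come from SHGetFolderPath as the message suggests.

```c
/* Added example, not Freeciv code. POSIX only. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pick the per-user directory; never fall back to the current directory.
 * Returns 0 on success, -1 if no usable home directory is known. */
int challenge_dir(char *out, size_t len)
{
  const char *home = getenv("HOME");
  if (home == NULL || home[0] != '/') {
    return -1;
  }
  return snprintf(out, len, "%s", home) < (int) len ? 0 : -1;
}

/* 1 if dir is owned by the current user and not writable by group/other. */
int dir_is_private(const char *dir)
{
  struct stat st;

  if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) {
    return 0;
  }
  return st.st_uid == geteuid() && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Write token to dir/name. Refuses a shared directory, an existing file
 * (O_EXCL) and a symlink (O_NOFOLLOW). Returns 0 on success, -1 otherwise. */
int write_challenge(const char *dir, const char *name, const char *token)
{
  char path[1024];
  size_t len = strlen(token);

  if (!dir_is_private(dir)
      || snprintf(path, sizeof(path), "%s/%s", dir, name) >= (int) sizeof(path)) {
    return -1;
  }
  int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
  if (fd < 0) {
    return -1;
  }
  ssize_t n = write(fd, token, len);
  return (close(fd) == 0 && n == (ssize_t) len) ? 0 : -1;
}
```

The 0600 mode also keeps other local users from reading the token, which matters as much as keeping them from writing the directory.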
