[Freeciv-Dev] Re: (PR#11851) Hack request should verify userid in addition to random string

["Vasco Alexandre da Silva Costa" <vasc@xxxxxxxxxxxxxx>]

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >

On Sat, 8 Jan 2005, Ed Overton wrote:

> <URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >
>
> > [vasc - Sat Jan 08 16:21:02 2005]:
>
> > I do not think this patch helps, although the bug report contained
> > in it was interesting.
>
> The patch does take an (admittedly) small step.  I believe you can
> duplicate the issue on linux as follows:
>
> Log in as account X, and open two terminals.  In one terminal, ssh back
> to the localhost as account Y.
>
> 1) In account Y, create ~/.freeciv .  Open its permissions wide.  Start
> civserver.

If you did something as stupid as set global write permissions to
that directory, of course it won't work. If you allow people to write over
'civserver' they can also replace it with a hacked 'civserver'. If you
allow people to write over your OS system files, you are fubared.

> 2) In account X, define $HOME to ~Y/.freeciv .  Start civclient.
>
> X's client has the ability to write to ~Y/.freeciv, and therefore gets
> hack access.  With the patch, X's client does not get hack access since
> the userids don't match.

Unless you hack the client and know the userid of the other person, which
is quite simple, especially with multiple users on the same machine. In
short, it gives you security by obscurity. Which is no security,
especially on an OSS program.

The only solution is to fix the problem properly. Either make sure other
users cannot write to that file, or some other, safe, method.


In short, you are telling me you trust other people to use your PC and
clobber or delete the binaries, but you don't trust them to change in-game
settings. :-)

---
Vasco Alexandre da Silva Costa @ Instituto Superior Tecnico, Lisboa