[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition to random string

["Ed Overton" <edoverton@xxxxxxxxxx>]

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >

> [vasc - Sat Jan 08 19:29:41 2005]:
> 
> On Sat, 8 Jan 2005, Ed Overton wrote:

> > 1) In account Y, create ~/.freeciv .  Open its permissions wide.  Start
> > civserver.
> 
> If you did something as stupid as set global write permissions to
> that directory, of course it won't work.

> In short, you are telling me you trust other people to use your PC and
> clobber or delete the binaries, but you don't trust them to change in-game
> settings. :-)

I understand your point, but my main concern is neither the in-game
settings nor the world writable files - my concern is for the files that
normally cannot be touched by another user.  If a user complained that
the user's mail had been obliterated by a malicious user taking
advantage of a running civserver process, is the answer simply, "Well,
too bad - you had 777 on ~/.freeciv"?  Why should the user think that
opening up ~/.freeciv would have permission implications outside of
~/.freeciv?

My points are:

1) A seemingly minor mistake in permission settings in one location
(having one's ~/.freeciv directory world writable) exposes *all* one's
files to getting clobbered via malicious use of the server's save command.

2) The current implementation causes that exposure all the time on the PC.

3) The patch submission was aimed to make things a little bit better
than what's in place now (currently, a client doesn't have to do
anything special to take advantage of the exposure).

Ed