[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >
> [ednotover - Tue May 24 17:16:10 2005]:
>
> > [rp - Tue May 24 16:57:11 2005]:
>
> > My question: it seems a lot cleaner and more secure to do away
> > with all the special code and instead just let the client write
> > a temporary startup file containing the /cmdlevel hack command,
> > then make it invoke the server as
> >
> > civserver -r mygenerated.rc
>
> > Let me know if there's something I'm missing.
>
> That introduces two race conditions. First, the .rc file might be
> altered prior to the server reading it. Second, and much more
> significant, a startup .rc file must specify /cmdlevel hack first (or
> refer to a connection name). However, the "right" client might not be
> the first to contact the server - so the "wrong" client has a window of
> opportunity to claim first (or to claim that connection name) prior to
> the "right" one.

I just take the Unix attitude here: file permissions define authorization.
If someone can read or write a file I gave them read permissions to, then
it's because I want them to. Put another way, if different Freeciv
instantiations or client/server pairs should not have access to each other's
environment, make them run as different users. That's what users are for.
This takes away your first concern. An option would be to allow commands to
be entered on the command line, e.g.
civserver -o 'cmdlevel first hack'
Your second objection is more serious. I don't see how to resolve it in a
way that improves over what is happening now. However I maintain that
putting in kludges to make it appear that Freeciv separates users when run
under the same user is the wrong approach. Windows also has a Run As
command.
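As an added example (not code from Freeciv or from either poster), a POSIX shell sketch of the "file permissions define authorization" approach for the first race: the client creates the startup file for civserver -r as an owner-only temporary file and checks its mode before handing it over. It does not touch the second objection (which client connects first), and civserver itself is not run here; the file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not Freeciv's own code: build the startup file for
# "civserver -r" so that only the invoking user can read or alter it before
# the server opens it.  File names are constructed here; civserver is not run.

# Create a private .rc holding the cmdlevel command and print its path.
# The body runs in a subshell so the umask change does not leak to the caller.
make_private_rc() (
    umask 077                      # anything created from here on is rw------- (0600)
    rc=$(mktemp "${TMPDIR:-/tmp}/civ-startup.XXXXXX") || exit 1
    # mktemp already created the file with mode 0600; the redirect below
    # reuses that inode, so there is never a world-readable window.
    printf '%s\n' 'cmdlevel hack first' > "$rc" || exit 1
    printf '%s\n' "$rc"
)

# Check before handing the file to the server: a regular file with no
# group/other permission bits (mode 0600 or 0400).
rc_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")   # GNU stat, then BSD stat
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Typical use (server invocation shown only as a comment):
#   rc=$(make_private_rc) && rc_is_private "$rc" && civserver -r "$rc"
```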