[Freeciv-Dev] Re: (PR#13262) pubserver-in-a-diff

["Per I. Mathisen" <per@xxxxxxxxxxx>]

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=13262 >

On Wed, 22 Jun 2005, Jason Short wrote:
> >* scripts are read with permission level of requesting player (is
> >  read with hack cmdlevel in cvs)
>
> This is still a security hole. Unprivilidged players can read any file
> that the server process owner has read access to.
...
> >* pubserver only: allow /read, /rulesetdir and /load of scenarios;
> >  the security measures for these should now be very tight

I guess you didn't read the patch? ;)

What I did was modify these commands when compiled as pubserver so that
they can _only_ read data from within the data directories, and /read will
only accept files ending in '.serv'. See security comments in the patch.

For normal usage, we surely want the ability to load saves, scripts,
scenarios and rulesets from whereever on your disk?

> I am even more strongly against having this be a configure-time switch
> however.Making it a configure-time switch prevents those with binary
> installations from running it.Debian would most likely have to have an
> additional package containing the exact same server with just the
> pubserver defines enabled, for instance.And once you have the
> pubserver server, you can't use it for regular play.Finally the use of
> code thatisn't often compiled is bug-prone.
>
> I know it's not trivial to make some of these changes (like the changed
> settings) runtime configurable.However if we figure out how to do this
> it will have benefits in other places too: for instance when startinga
> game through the client we'd like to be able to change the default
> topology, so that /show changed will only show it if it doesn't match
> the view.I'm willing to help out with this, but I think we need to
> separate the issues and deal with them one at a time.

This will be tough, but if you are willing to give a hand, I am sure we
can work something out.

  - Per