Complete.Org: Mailing Lists: Archives: freeciv-dev: June 2005:
[Freeciv-Dev] Re: (PR#13262) pubserver-in-a-diff
Subject: [Freeciv-Dev] Re: (PR#13262) pubserver-in-a-diff
From: "Per I. Mathisen" <per@xxxxxxxxxxx>
Date: Wed, 22 Jun 2005 15:11:18 -0700
Reply-to: bugs@xxxxxxxxxxx

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=13262 >

On Wed, 22 Jun 2005, Jason Short wrote:
> > +    /* If we load a game, some players may be assigned to user accounts,
> > +     * in which case we should not start until they have joined too.
> > +     * Otherwise it would be easy to cheat. This will be problematic
> > +     * for scenarios where creators forget to reset usernames. */
> > +    if (pplayer->is_ready && pplayer->is_connected) {
> > +   num_ready++;
> > +    } else if (pplayer->is_connected
> > +               || is_valid_username(pplayer->username)) {
> > +   num_unready++;
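
Review bot: the `else if` branch counts a disconnected player as unready whenever `is_valid_username(pplayer->username)` holds, and the comment above it already concedes this will block scenarios whose creators left usernames set; nothing in the hunk lets such a game start. Consider stating in the comment how that block is meant to be lifted. The `num_ready++;` and `num_unready++;` lines are also indented differently from the lines around them and should be normalized.
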
>
> Is this supposed to apply in non-pubserver mode too?

That was the general idea...

> Perhaps the check should be changed so that all non-AI players must be
> ready. Then if you have (in new games or loaded games) a created player
> you must either wait for someone to connect to him or aitoggle him. And
> this should apply in both modes.

Then all you need to do to cheat is to aitoggle your opponents and start
the savegame... Very bad.

> > +static bool restricted_filepaths(struct connection *caller)
> > +{
> > +return (game.info.pubserver > 0
> > +        || (caller && caller->access_level != ALLOW_HACK));
> > +}
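
Review bot: `restricted_filepaths()` has no comment saying what a NULL `caller` means; as written, `caller && caller->access_level != ALLOW_HACK` leaves a NULL caller unrestricted unless `game.info.pubserver > 0`, and that should be documented as intended. The `!=` comparison restricts every level other than `ALLOW_HACK`, which fails closed; a one-line comment saying so would settle the `!=` versus `<` question for later readers. The `return` line is also not indented inside the function body.
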
>
> Should be access_level < ALLOW_HACK? Or does this matter?

But there is nothing lower than ALLOW_HACK...

> > +if (restricted_filepaths(caller)) {
> > +  cmd_reply(CMD_SAVE, caller, C_FAIL,
> > +            _("You cannot save games manually on this server."));
> > +  return FALSE;
> > +}
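
Review bot: the `C_FAIL` text in this `CMD_SAVE` check says saving is not possible "on this server", but `restricted_filepaths(caller)` is also true when the caller merely lacks `ALLOW_HACK` while `game.info.pubserver` is 0, so the message misleads in that case. Consider separate messages for the pubserver case and the insufficient-access case, so an admin can tell which condition fired.
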
>
> This check doesn't look useful. Basically the only added effect is to
> prevent admin saves on pubservers. Why not just restrict /save to hack
> users?

It is in case someone finds a way to hack 'hack' level access. We do not
want that to open up for a way to hack the system freeciv runs on, too.

> Rather than excluding certain characters we need to only include the
> allowed ones (alphanumerics). is_ascii_name isn't intended to be used for
> security and could be changed.

Ok.

  - Per
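
The allowlist approach agreed on at the end of this message, shown beside a denylist check, as an added example that is not part of the original mail or the Freeciv patch. It assumes the value being checked is a client-supplied save name; `name_ok_denylist`, `name_ok_allowlist` and `SAVENAME_MAX` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAVENAME_MAX 64  /* assumed length limit, not from the patch */

/* Denylist form: rejects only the characters someone thought of. */
static bool name_ok_denylist(const char *name)
{
  return name != NULL && name[0] != '\0'
         && strpbrk(name, "/\\.") == NULL;
}

/* Allowlist form: every byte must be an ASCII letter or digit.
 * Explicit ranges are used instead of isalnum(), whose result
 * depends on the current locale. */
static bool name_ok_allowlist(const char *name)
{
  size_t i;

  if (name == NULL || name[0] == '\0') {
    return false;
  }
  for (i = 0; name[i] != '\0'; i++) {
    unsigned char c = (unsigned char) name[i];

    if (i >= SAVENAME_MAX || !((c >= 'a' && c <= 'z')
        || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9'))) {
      return false;
    }
  }
  return true;
}

int main(void)
{
  /* Constructed sample inputs, not taken from the thread. */
  const char *samples[] = { "game42", "../etc", "turn 5", "a|b" };
  size_t i;

  for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    printf("%-8s denylist=%d allowlist=%d\n", samples[i],
           name_ok_denylist(samples[i]), name_ok_allowlist(samples[i]));
  }
  return 0;
}
```

Names such as `turn 5` and `a|b` pass the denylist because nobody listed those characters, while the allowlist rejects them without having to enumerate them.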
