bugFreeciv - Bugs: bug #18530, Client-spawned server should not...

 
 
Show feedback again

bug #18530: Client-spawned server should not listen on all network interfaces

Submitted by:  Jacob Nevins <jtn>
Submitted on:  Sat 20 Aug 2011 10:34:23 PM UTC  
 
Category: clientSeverity: 3 - Normal
Priority: 5 - NormalStatus: Fixed
Assigned to: Jacob Nevins <jtn>Open/Closed: Closed
Release: 2.3.0Operating System: Any
Planned Release: 2.4.0

Add a New Comment (Rich MarkupRich Markup):
   

You are not logged in

Please log in, so followups can be emailed to you.

 

Tue 30 Aug 2011 08:13:20 PM UTC, SVN revision 20197:

Make client-spawned server bind to localhost interface, so that it's not
world-accessible.

Originally reported in Debian bug 567068 by Bastian Blank
(waldi@debian.org).

See gna bug #18530.

(Browse SVN revision 20197)

Jacob Nevins <jtn>
Project AdministratorIn charge of this item.
Sun 28 Aug 2011 11:03:53 PM UTC, comment #1:

Attached the trivial patch to add a "--bind localhost" argument to the client's server command line. Seems to work on my Ubuntu Linux 10.04 box (IPv6 enabled but not configured). Windows code not even compile-tested. No configurability.

I'll commit this to trunk soon if there are no objections, so we can begin the process of ironing out platform-specific kinks...

(file #13991)

Jacob Nevins <jtn>
Project AdministratorIn charge of this item.
Sat 20 Aug 2011 10:34:23 PM UTC, original submission:

As noted in Debian bug #578068, in this day and age, a single-player game shouldn't by default cause a listening port to be opened on a machine's public network interfaces.

Probably many people are saved by being behind NAT, but if/when IPv6 actually happens it may become more of an issue. Not to mention, say, netbooks on public Wi-Fi networks without firewalls.

Best would be to use something like Unix domain sockets as suggested in the Debian bug -- done right, this would keep servers on multiuser machines safe from other users -- but that's a lot of work and we'd need another solution for Windows. Staying with TCP but binding to the localhost interface seems like a "good enough" solution that will work for all the platforms we support.

It feels like this should be as simple as specifying a "--bind" argument to the spawned server. However, it's just the kind of change that will expose some platform-dependent networking issue and embarrassingly break single-player mode for someone. So I'm wary of trying to fix it in 2.3.x.

There are some users who use the client-spawned server as a LAN server (e.g., in this forum thread, and one other I can't find now). This change will break that usage pattern. It's not something we'd recommend anyway -- if the relevant client dies, it'll take down the server -- but we might nevertheless want to consider an option to choose the bound interface for client-spawned servers.

Jacob Nevins <jtn>
Project AdministratorIn charge of this item.

 

(Note: upload size limit is set to 1024 kB, after insertion of the required escape characters.)

Attach File(s):
   
   
Comment:
   

Attached Files
file #13991:  trunk-client-spawned-server-bind.diff added by jtn (1kB - text/x-diff - trunk r20191)

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by jtn (Submitted the item)
  •  

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.

     

    Please enter the title of George Orwell's famous dystopian book (it's a date):

     

     

    Follow 5 latest changes.

    Date Changed By Updated Field Previous Value => Replaced By
    Tue 30 Aug 2011 08:18:52 PM UTCjtnStatusReady For Test=>Fixed
      Open/ClosedOpen=>Closed
    Sun 28 Aug 2011 11:03:53 PM UTCjtnAttached File-=>Added trunk-client-spawned-server-bind.diff, #13991
      StatusNone=>Ready For Test
      Assigned toNone=>jtn
    Show feedback again

    Back to the top


    Powered by Savane 3.1-cleanup