bug #20556: No way to disable hack access of new clients of local server with same user

Submitted by: Jacob Nevins <jtn>
Submitted on: Sun 24 Feb 2013 02:35:32 PM UTC

Category: client
Severity: 1 - Wish
Priority: 5 - Normal
Status: Fixed
Assigned to: Marko Lindqvist <cazfi>
Open/Closed: Closed
Release:
Operating System: None
Planned Release: 2.6.0


Tue 26 Aug 2014 10:51:12 PM UTC, SVN revision 26055:

Added commandline option "--Hackless" to client in debug builds. It allows mimicking
a connection to a remote server with a local server.

Requested by Jacob Nevins

See bug #20556

(Browse SVN revision 26055)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Sun 24 Aug 2014 08:29:59 PM UTC, comment #6:

Implementation that adds commandline parameter "--Hackless" to debug builds.

(file #21826)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Tue 03 Jun 2014 11:13:27 PM UTC, comment #5:

> Is attached patch sufficient?

Mm. It's clearly better than nothing, and cheap, but to be honest I suspect I'd be more likely to actually use it if it didn't involve a slow configure-and-compile-from-scratch.

Points taken about the extra flexibility of doing it client-side rather than server-side, though.
I guess ideally I'd have a client option like "--no-hack Do not request 'hack' privileges when connecting to server (has no effect on locally spawned server)".

Jacob Nevins <jtn>
Project Administrator
Fri 30 May 2014 06:46:58 PM UTC, comment #4:

I have probably missed something when reading your patch, sorry.

pepeto <pepeto>
Project Member
Fri 30 May 2014 06:49:02 AM UTC, comment #3:

> If you connect a second client to the server, it will get hack
> access.


Um... no? Server is not spawned by that client either.
Unless you mean compiling a second client without --disable-client-hack, but one would do that quite intentionally. Remember that this is not a security feature, but a debug/testing feature. It's actually a valid use-case to test a combination of hack and non-hack clients together.

> Why not using a server option (from command line) like
> "--hack"?


How could the spawned server then tell the spawning client apart from others? Or, assuming a test involving both hack and non-hack clients, how does it know should-allow-hack clients in general? That's why I think it should be on the client side.

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Fri 30 May 2014 06:36:44 AM UTC, comment #2:

I don't think this is sufficient. If you connect a second client to the server, it will get hack access.

Why not using a server option (from command line) like "--hack"?

I would expect that client get hack access on its spawn one, but not if running the server separately.

Maybe a second option for client side should be welcome to prevent to spawn the server with "--hack"?

pepeto <pepeto>
Project Member
Thu 29 May 2014 11:08:54 PM UTC, comment #1:

Is attached patch sufficient?

It adds configure option --disable-client-hack. Behavior without this option (client-hack enabled) remains exactly the same. With the option (client-hack disabled) client will request hack access only if it has spawned the server itself.

(file #20858)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Sun 24 Feb 2013 02:35:32 PM UTC, original submission:

When I'm testing Freeciv from my checkout, and I launch a server separately from the clients (to simulate a "real" client/server setup), all the clients automatically get 'hack' access.

It's possible to downgrade already-connected clients with a server command like 'cmdlevel basic', but this doesn't affect newly connecting clients.

This means it's hard (particularly for developers) to test the server the way a real network server would be run; clients with "hack" access get all sorts of random extra allowances (such as non-ASCII city names), so it would be easy to miss bugs impacting real use.

It needs to remain possible for local separate-server-and-client setups to use 'hack', or e.g. editing will become impossible in that scenario. Arguably it should remain the default behaviour (certainly it needs to be the default for client-spawned servers).

I think the easiest answer is a server option or similar that allows automatic hack access to be completely turned off. In this mode any single_want_hack_req from the client is ignored. (This option ought to be only changeable at 'hack' level, I think.)

In this mode, "hack" access would still be possible manually via /cmdlevel (e.g. from the console).

If not the default, for this to be useful developers have to remember to use it, but that's an improvement on the current situation.

Could have a server in this mode signal its unwillingness to play by returning a blank filename to the client in join_reply, but that requires a capability bump as existing clients will try to create the empty file. On stable branches it's harmless to have the client create the file and return you_have_hack=false anyway.

Might want to hide/disable/ignore this option for client-spawned servers, to stop single-player users getting themselves into trouble by getting it somehow saved in their .freeciv-client-rc-X.X and being completely unable to start a controlled server.

Jacob Nevins <jtn>
Project Administrator
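
The server-side mode proposed in the original submission, modelled as an added example (not Freeciv code and not part of the submission). All type and function names, the `auto_hack` option name, and the assumption that the client proves same-user access by writing a token into the challenge file are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not Freeciv's API. */
enum cmdlevel { ALLOW_BASIC, ALLOW_HACK };
struct conn { enum cmdlevel level; };
struct server {
  bool auto_hack;             /* proposed option: false = ignore hack requests */
  const char *challenge_file; /* filename handed to the client in join_reply */
};

/* Client: create the challenge file (assumed here to hold a token). */
static bool client_write_token(const char *path, const char *token)
{
  FILE *f = fopen(path, "w");
  if (f == NULL) return false;
  fputs(token, f);
  return fclose(f) == 0;
}

/* Server: handle single_want_hack_req; the return value is you_have_hack. */
bool handle_want_hack(const struct server *srv, struct conn *pc, const char *token)
{
  char buf[64] = "";
  FILE *f;
  bool ok;
  if (!srv->auto_hack) return false; /* option off: request ignored */
  if ((f = fopen(srv->challenge_file, "r")) == NULL) return false;
  ok = fgets(buf, sizeof(buf), f) != NULL && strcmp(buf, token) == 0;
  fclose(f);
  if (ok) pc->level = ALLOW_HACK;
  return ok;
}

/* Manual grant from the server console (/cmdlevel) works in either mode. */
void console_cmdlevel(struct conn *pc, enum cmdlevel lvl) { pc->level = lvl; }

/* One join against a constructed challenge file in the working directory. */
bool simulate_join(bool auto_hack, struct conn *pc)
{
  struct server srv = { auto_hack, "hack_challenge_demo.tmp" };
  bool granted;
  pc->level = ALLOW_BASIC;
  client_write_token(srv.challenge_file, "constructed-token");
  granted = handle_want_hack(&srv, pc, "constructed-token");
  remove(srv.challenge_file);
  return granted;
}
```

With the option off the client still creates the file and simply receives you_have_hack=false, which matches the stable-branch behaviour described in the submission.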

 

Attached Files
file #21826:  Hackless.patch added by cazfi (3kB - text/x-diff)
file #20858:  ClientHack.patch added by cazfi (2kB - text/x-diff)

 

Depends on the following items: None found

Items that depend on this one: None found

 

Latest changes (Date, Changed By: Updated Field: Previous Value => Replaced By)

Tue 26 Aug 2014 10:51:25 PM UTC, cazfi:
  Category: general => client
  Status: Ready For Test => Fixed
  Assigned to: None => cazfi
  Open/Closed: Open => Closed
Sun 24 Aug 2014 08:29:59 PM UTC, cazfi:
  Attached File: - => Added Hackless.patch, #21826
Thu 29 May 2014 11:08:54 PM UTC, cazfi:
  Attached File: - => Added ClientHack.patch, #20858
  Category: None => general
  Status: None => Ready For Test
  Planned Release: => 2.6.0