
patch #2827: Client runs server script from current directory in debug build only

Submitted by:  Marko Lindqvist <cazfi>
Submitted on:  Sun 24 Jul 2011 07:19:44 AM UTC  
 
Category: client
Priority: 5 - Normal
Status: Done
Privacy: Public
Assigned to: Marko Lindqvist <cazfi>
Open/Closed: Closed
Planned Release: 2.2.8, 2.3.0, 2.4.0


 

Wed 27 Jul 2011 06:20:11 AM UTC, SVN revision 20012:

Made client search for server from relative paths in debug builds only.

See gna patch #2827

(Browse SVN revision 20012)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Wed 27 Jul 2011 06:20:04 AM UTC, SVN revision 20011:

Made client search for server from relative paths in debug builds only.

See gna patch #2827

(Browse SVN revision 20011)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Wed 27 Jul 2011 06:19:58 AM UTC, SVN revision 20010:

Made client search for server from relative paths in debug builds only.

See gna patch #2827

(Browse SVN revision 20010)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Sun 24 Jul 2011 09:33:08 PM UTC, comment #1:

- Fix problem in Windows-specific code also

(file #13657)

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
Sun 24 Jul 2011 07:19:44 AM UTC, original submission:

When launching the server, the client prefers running it as "./ser". That can be considered a security issue in release builds. An attacker just has to trick the user into running the client in a (world-writable) directory where he has placed his own ser-program.

OTOH running ./ser is definitely a useful feature during development, so that the client finds the server directly from the build directory.

The attached patch makes the client search for the server from relative paths only in debug builds.

Yes, as this is a security issue, I've set 2.3.0 (and not 2.3.1) among the targets even though we already have an RC for 2.3.0.

Marko Lindqvist <cazfi>
Project Administrator, in charge of this item.
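
The search-path restriction described in the original submission, as an added C example; it is not the attached patch and not Freeciv code. The function names, the `debug_build` parameter and the buffer sizes are assumptions, paths are POSIX-style only, and the example goes one step beyond the report by also skipping empty or relative PATH entries, which resolve against the current directory just like "./ser".

```c
/* Added example, not Freeciv source; names and sizes are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define MAX_CAND 16
#define CAND_LEN 256

/* Build the ordered list of paths to try for the server program `name`.
 * "./name" is offered only when debug_build is non-zero. PATH entries that
 * are empty or relative (both resolve against the current directory) are
 * skipped. Returns the number of candidates written to out[]. */
size_t server_candidates(const char *name, const char *path_env,
                         int debug_build, char out[][CAND_LEN], size_t max)
{
  size_t n = 0, nlen = name ? strlen(name) : 0;

  if (nlen == 0 || nlen + 3 > CAND_LEN || strchr(name, '/') != NULL) {
    return 0; /* require a bare program name that fits the buffer */
  }
  if (debug_build && n < max) snprintf(out[n++], CAND_LEN, "./%s", name);
  for (const char *p = path_env; p != NULL && n < max; ) {
    size_t len = strcspn(p, ":");
    if (len > 0 && p[0] == '/' && len + 1 + nlen < CAND_LEN) {
      snprintf(out[n++], CAND_LEN, "%.*s/%s", (int)len, p, name);
    }
    p = (p[len] == ':') ? p + len + 1 : NULL;
  }
  return n;
}

/* Try each candidate with execv(), which performs no PATH search itself.
 * Returns -1 only if no candidate could be executed. */
int exec_server(const char *name, char *const argv[], int debug_build)
{
  char c[MAX_CAND][CAND_LEN];
  size_t n = server_candidates(name, getenv("PATH"), debug_build, c, MAX_CAND);
  for (size_t i = 0; i < n; i++) execv(c[i], argv);
  return -1;
}

int main(void)
{
  char c[MAX_CAND][CAND_LEN]; /* constructed PATH: empty, "." and relative entries */
  size_t n = server_candidates("ser", "/usr/games::.:bin:/usr/bin", 0, c, MAX_CAND);
  for (size_t i = 0; i < n; i++) puts(c[i]);
  return 0;
}
```

With the constructed PATH above, a release build is offered only the two absolute locations; a debug build gets "./ser" ahead of them.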

 


Attached Files
file #13649:  SrvPathSecurity.diff added by cazfi (824B - text/plain)

 

Depends on the following items: None found

Items that depend on this one: None found

 


Date | Changed By | Updated Field | Previous Value => Replaced By
Wed 27 Jul 2011 06:20:24 AM UTC | cazfi | Status | Ready For Test => Done
Wed 27 Jul 2011 06:20:24 AM UTC | cazfi | Assigned to | None => cazfi
Wed 27 Jul 2011 06:20:24 AM UTC | cazfi | Open/Closed | Open => Closed
Sun 24 Jul 2011 09:33:08 PM UTC | cazfi | Attached File | - => Added SrvPathSecurity_2827-2.diff, #13657
Sun 24 Jul 2011 07:19:44 AM UTC | cazfi | Attached File | - => Added SrvPathSecurity.diff, #13649