Permissions in Script Files

fearlessfrog · #1 05-20-2011, 10:12 PM

Any more feedback?

Example: It would take five minutes to:

1. Set up a Cliffs of Dover server on your PC, put it on the internet, give it a name as 'New Server - Great New Mission!'

2. Write a tiny c# script on a mission that deletes the users 'My Documents' directory or uploads your local PC's files to a site on the internet.

3. For each person that just connects to the server and hits 'Create' on the flight mission, see how step (2) would impact them. Bad news.

Sorry to be a bit dramatic, but with no comments back and FMB people not even commenting here, it makes me suspect this isn't being taken seriously as a potential problem?

Just to reiterate: It *may* be possible to run executable code on each client PC that just connects to a CoD MP server. Not good.

This should be verified and looked at soon? Hopefully I am wrong?

TheEnlightenedFlorist · #2 05-20-2011, 11:49 PM

Quote:

Originally Posted by fearlessfrog

Just to reiterate: It's possible to run executable code on each client PC that just connects to a CoD MP server. Not good.

Are you sure this is true? I can't see any reason why the scripts would need to be downloaded onto each clients computer and ran there. Sure, a script could mess up a server, but that's the server admin's responsibility.

I don't even think the mission files are downloaded to clients' computers, just the info about where things are and such.

If this is true, it means that every client is a server and they are somehow collaborating to keep everybody's game the same. A pretty silly way to do it and not what I would expect from the dev team.

Quote:

Originally Posted by fearlessfrog

For each person that just connects to the server and hits 'Create' on the flight mission, see how step (2) would impact them.

I don't have any friends to connect to my servers but somebody might as well try it. I have a feeling anything like that would only affect the server.

Anyway, here's code that will create a directory and file in the root directory of the c: partition. Uncomment the commented stuff to delete it. It works on a server, I doubt it will work on a client connected to a server.

Code:

public override void Init(maddox.game.ABattle battle, int missionNumber)
    {
        base.Init(battle, missionNumber);

        // Specify a "currently active folder"
        string activeDir = @"c:\youve\been\";

        System.IO.Directory.CreateDirectory(activeDir);

        string newFileName = "duped";

        string newPath = System.IO.Path.Combine(activeDir, newFileName);

        if (!System.IO.File.Exists(newPath))
        {
            using (System.IO.FileStream fs = System.IO.File.Create(newPath))
            {
                for (byte i = 0; i < 100; i++)
                {
                    fs.WriteByte(i);
                }
            }
        }

        // Delete a directory and all subdirectories with Directory static method...
        //if (System.IO.Directory.Exists(@"c:\youve"))
        //{
        //    try
        //    {
        //        System.IO.Directory.Delete(@"c:\youve", true);
        //    }

        //    catch (System.IO.IOException e)
        //    {
        //        Console.WriteLine(e.Message);
        //    }
        //}
    }

fearlessfrog · #3 05-22-2011, 05:07 PM

Quote:

Originally Posted by TheEnlightenedFlorist

Are you sure this is true? I can't see any reason why the scripts would need to be downloaded onto each clients computer and ran there. Sure, a script could mess up a server, but that's the server admin's responsibility.

I don't even think the mission files are downloaded to clients' computers, just the info about where things are and such.

If this is true, it means that every client is a server and they are somehow collaborating to keep everybody's game the same. A pretty silly way to do it and not what I would expect from the dev team.

I don't have any friends to connect to my servers but somebody might as well try it. I have a feeling anything like that would only affect the server.

Anyway, here's code that will create a directory and file in the root directory of the c: partition. Uncomment the commented stuff to delete it. It works on a server, I doubt it will work on a client connected to a server.

Code:

public override void Init(maddox.game.ABattle battle, int missionNumber)
    {
        base.Init(battle, missionNumber);

        // Specify a "currently active folder"
        string activeDir = @"c:\youve\been\";

        System.IO.Directory.CreateDirectory(activeDir);

        string newFileName = "duped";

        string newPath = System.IO.Path.Combine(activeDir, newFileName);

        if (!System.IO.File.Exists(newPath))
        {
            using (System.IO.FileStream fs = System.IO.File.Create(newPath))
            {
                for (byte i = 0; i < 100; i++)
                {
                    fs.WriteByte(i);
                }
            }
        }

        // Delete a directory and all subdirectories with Directory static method...
        //if (System.IO.Directory.Exists(@"c:\youve"))
        //{
        //    try
        //    {
        //        System.IO.Directory.Delete(@"c:\youve", true);
        //    }

        //    catch (System.IO.IOException e)
        //    {
        //        Console.WriteLine(e.Message);
        //    }
        //}
    }

Thanks for that.

For me it looks like MP is ok, but SP needs a sandbox.

Agreed?

TheEnlightenedFlorist · #4 05-23-2011, 12:08 AM

Quote:

Originally Posted by fearlessfrog

Thanks for that.

For me it looks like MP is ok, but SP needs a sandbox.

Agreed?

I'm not familiar with .Net permissions, but they probably shouldn't have complete filesystem access. If you could limit it to certain directories that would be nice.

Ralith · #5 05-24-2011, 08:39 PM

Cliffs of Dover would hardly be the first game to require you to trust maps and mods you download, but despite this, sandboxing for the host doesn't seem entirely inappropriate, albeit certainly low-priority. You can stop going around declaring the sky to be falling, though, as there's no danger to people who aren't running unvetted content.

Ataros · #6 05-24-2011, 09:04 PM

Quote:

Скрипт на сервере, клиентом не закачивается и повредить что-то у клиента не сможет .

"A server script is not downloaded by a client and can not damage anything at client side."
naryv, member of the dev team http://www.sukhoi.ru/forum/showthrea...=1#post1626549

Ralith · #7 05-22-2011, 11:53 AM

Quote:

Originally Posted by fearlessfrog

It would take five minutes to...

Then why don't you go take five minutes instead of spreading FUD?

fearlessfrog · #8 05-22-2011, 04:51 PM

Quote:

Originally Posted by Ralith

Then why don't you go take five minutes instead of spreading FUD?

The SP missions aren't sandboxed, so with that problem already they had lost the benefit of doubt.

Post the results of your MP tests?