Hi!

What would you guys think about dropping support for multiuser installs?
By multiuser I don't mean DGL or system-wide installs, it's solely about
traditional Unix systems where multiple people share bones and scores.

Rationale:
* shared servers are almost dead, people at most have /home mounted over
  NFS/SMB/...  from a remote server on multiple computers rather than
  logging on remotely to a single system
* it's a gaping security hole.  You can alter a number of files in
  /var/game/crawl/ (or wherever the maintainer put them) which can be used
  to either subvert someone's game or to make a more serious attack.  And
  with Crawl being setgid, any issue in our large codebase means you get
  access to the "games" gid, which means it is easy to corrupt Crawl or any
  other game using this scheme, likely being able to execute arbitrary code
  as another user who dares to run Crawl.
  There's about no validation of files being read, too.

Thus, there are two ways we can go:
* a thorough security audit
* dropping anything that can potentially break security

Note that 0.7 allows placing saves and the db cache in ~/.crawl/, which
wastes some disk space but stops trivial attacks -- you could just plant
some lua and have it do everything you want.  With that change you'd need
some overflow or the like, which is harder to do.  This feature was quite
experimental but at least Debian packaging uses it.

I'd suggest moving all such data (bones, scores, logfile, morgues) there as
well.  Bones could be shared with some sort of local Hearse, they are easy
to validate and we could add some capping to limit malicious forged bones
somehow (no Firestorm on D:4 ghosts, etc).  Scores would be a lost cause
altogether, though.

Do we care about such shared systems at all anymore?


-- 
1KB             // Microsoft corollary to Hanlon's razor:
                //      Never attribute to stupidity what can be
                //      adequately explained by malice.

_______________________________________________
Crawl-ref-discuss mailing list
Crawl-ref-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/crawl-ref-discuss
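
A check for the exposure the message describes (a setgid game binary together with group-writable shared data), as an added example that is not part of the original message or of Crawl's code. The directory layout, file names and the function name `audit_shared_dir` are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_shared_dir(root, shared_gid):
    """Return (group_writable, setgid_execs) for paths owned by shared_gid."""
    group_writable, setgid_execs = [], []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)  # lstat: never follow a planted symlink
        if stat.S_ISLNK(st.st_mode) or st.st_gid != shared_gid:
            continue
        if st.st_mode & stat.S_IWGRP:
            # Anyone holding the gid can rewrite this file or directory.
            group_writable.append(os.path.relpath(path, root))
        is_exec = st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
        if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISGID and is_exec:
            # Running this binary hands the caller the shared gid.
            setgid_execs.append(os.path.relpath(path, root))
    return sorted(group_writable), sorted(setgid_execs)


def demo():
    """Build a constructed layout in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed names and modes, not Crawl's real layout
            "bin/crawl": 0o2755,       # setgid launcher
            "data/scores": 0o664,      # shared, group-writable
            "data/bones.D4": 0o664,    # shared, group-writable
            "data/readme.txt": 0o644,  # read-only for the group
        }
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "data"), 0o775)  # shared data dir
        os.chmod(os.path.join(root, "bin"), 0o755)   # not group-writable
        gid = os.lstat(os.path.join(root, "data")).st_gid
        return audit_shared_dir(root, gid)


if __name__ == "__main__":
    print(demo())
```

Every path in the first list is writable by whoever obtains the shared gid, and every binary in the second list is a way to obtain it.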