Michal, OK. So on the gweather interface we need to document the fact that the interface is not supported, placed in a demo directory or simply not ship it. Saying that Volatile is enough is incorrect.
In terms of GGZ when one of these games is started is the user automatically logged into a server? Or do they need to ask to be logged into a specific server? If I am following correctly then there are passwords that are passed over the wire in clear text because we do not have the encryption turned on yet. Is that correct? Brian stated that the user can have an intranet server set up. Is the intranet server automatically started? Or does the system administrator need to configure and start it? If they need to start it how is it started, command line, init.d, smf, ...? Thanks, John Michal Pryc wrote: > Hello, > >>> >>> I am interested in more information about the GGZ interfaces. >>> What are the security concerns with the following statement? >>> >>> GGZ interfaces can be used by games to support network >>> gaming features, so that people can play games with other >>> people over the internet. >>> >>> How are the other people identified? What protections are >>> taken to insure our customers are protected against a malicious >>> individual? Is the network feature enabled by default after >>> install? When the "other people" send data is it validated >>> against overflow situations? >> >> Michal is the responsible engineer of gnome-games and the right person >> to answer these questions. I will let him answer your questions. > > Please refer to the attached e-mail for the answers about GGZ. > > > ------------------------------------------------------------------------ > > Subject: > Re: questions about ggz and libgweather from john fisher > From: > Michal Pryc <Michal.Pryc at Sun.Com> > Date: > Tue, 25 Mar 2008 10:01:02 +0000 > To: > Brian Cameron <Brian.Cameron at Sun.COM> > > To: > Brian Cameron <Brian.Cameron at Sun.COM> > CC: > Jedy Wang <Jedy.Wang at Sun.COM>, gnome222-arc <gnome222-arc at sun.com> > > > Brian Cameron wrote: >> >> Jedy: >> >>> John asked following 2 questions when review the materials of GNOME >>> 2.22 ARC case. Could you please answer the questions for him? You can >>> find the mail with the subject "GNOME 2.22 [LSARC/2008/207 FastTrack >>> timeout 04/02/2008]". Please reply that mail. >>> >>> 1) Are we documenting the extreme volatility of libgweather? How >>> are we letting our developer base that the interface is "not >>> supported"? >> >> Marking it as "Volatile" should be enough, I'd think. This library >> is only used by a few special purpose GNOME programs. I don't think >> there is serious concern that people are going to start writing a >> programs using this library. Over time, this library may mature to >> a point where it can be used by other programs. If there is such a >> need, I'd expect the library to move into the GNOME Platform interface >> set. > > Agree, "Volatile" for this library is the best option. > > >> >>> 2) I am interested in more information about the GGZ interfaces. >>> What are the security concerns with the following statement? >>> >>> GGZ interfaces can be used by games to support network >>> gaming features, so that people can play games with other >>> people over the internet. >>> >>> How are the other people identified? >> >> They log into the server, and all people are visible to all other >> people who also log into the server. > > That is correct. The GGZ may support encryption but we are building > without encryption support, so it is possible to sniff people passwords > and data flowing from the user to the ggz server, which may contain > passwords. The further plan is to have encryption enabled, once the > export control will be done. > > >>> What protections are >>> taken to insure our customers are protected against a malicious >>> individual? >> >> No special protection. Users can connect to special servers (such >> as an internal one) rather than the public ones for better security, >> if they want to set up a GGZ server. > > Right. > >> >>> Is the network feature enabled by default after >>> install? >> >> Yes. It isn't a feature that can be turned on or off via configuration. >> At least not currently. > It is build-in feature which can't be turned on/off. People might use it > or not so it's up to the users if they want to make any use of network > gaming. > >> >>> When the "other people" send data is it validated >>> against overflow situations? >> >> I doubt there is any special checking. >> >> However, Michal should verify. I haven't done a great deal of research. >> It might be good to have a discussion about this with the GGZ >> maintainers. > > I've checked this with the GGZ developers and the answer for this > question was that generally speaking there is some kind of validation, > but the network part of the code should be audited anyway, please see > attached text file from the IRC conversation. > > >> Here's some docs about GGZ security: >> >> http://www.ggzgamingzone.org/docs/guides/hosting/ggz-hosting-guide_40.html >> >> >> Seems like GGZ has had security problems in the past: >> >> http://www.frsirt.com/english/advisories/2006/0935 >> >> Brian > > best > Michal >
