[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Update of bug #20556 (project freeciv): Category: general = client Status: Ready For Test = Fixed Assigned to:None = cazfi Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Follow-up Comment #6, bug #20556 (project freeciv): Implementation that adds commandline parameter --Hackless to debug builds. (file #21826) ___ Additional Item Attachment: File name: Hackless.patch Size:2 KB ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Follow-up Comment #5, bug #20556 (project freeciv): Is attached patch sufficient? Mm. It's clearly better than nothing, and cheap, but to be honest I suspect I'd be more likely to actually use it if it didn't involve a slow configure-and-compile-from-scratch. Points taken about the extra flexibility of doing it client-side rather than server-side, though. I guess ideally I'd have a client option like --no-hack Do not request 'hack' privileges when connecting to server (has no effect on locally spawned server). ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Follow-up Comment #2, bug #20556 (project freeciv): I don't think this is sufficient. If you connect a second client to the server, it will get hack access. Why not using a server option (from command line) like --hack? I would expect that client get hack access on its spawn one, but not if running the server separatly. Maybe a second option for client side should be welcome to prevent to spawn the server with --hack? ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Follow-up Comment #3, bug #20556 (project freeciv): If you connect a second client to the server, it will get hack access. Um... no? Server is not spawned by that client either. Unless you mean compiling second client without --disable-client-hack, but one would do that quite intentionally. Remember that this is not a security feature, but debug/testing feature. It's actually a valid use-case to test combination of hack and non-hack clients together. Why not using a server option (from command line) like --hack? How spawned server could then tell the spawning client apart from others? Or, assuming test involving both hack and non-hack clients, how does it know should-allow-hack clients in general? That's why I think it should be in client side. ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Follow-up Comment #4, bug #20556 (project freeciv): I have probably missed something when reading your patch, sorry. ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
Update of bug #20556 (project freeciv): Category:None = general Status:None = Ready For Test Planned Release: = 2.6.0 ___ Follow-up Comment #1: Is attached patch sufficient? It adds configure option --disable-client-hack. Behavior without this option (client-hack enabled) remains exactly the same. With the option (client-hack disabled) client will request hack access only if it has spawned the server itself. (file #20858) ___ Additional Item Attachment: File name: ClientHack.patch Size:1 KB ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #20556] No way to disable hack access of new clients of local server with same user
URL: http://gna.org/bugs/?20556 Summary: No way to disable hack access of new clients of local server with same user Project: Freeciv Submitted by: jtn Submitted on: Sun Feb 24 14:35:32 2013 Category: None Severity: 1 - Wish Priority: 5 - Normal Status: None Assigned to: None Originator Email: Open/Closed: Open Release: Discussion Lock: Any Operating System: None Planned Release: ___ Details: When I'm testing Freeciv from my checkout, and I launch a server separately from the clients (to simulate a real client/server setup), all the clients automatically get 'hack' access. It's possible to downgrade already-connected clients with a server command like 'cmdlevel basic', but this doesn't affect newly connecting clients. This means it's hard (particularly for developers) to test the server the way a real network server would be run; clients with hack access get all sorts of random extra allowances (such as non-ASCII city names), so it would be easy to miss bugs impacting real use. It needs to remain possible for local separate-server-and-client setups to use 'hack', or e.g. editing will become impossible in that scenario. Arguably it should remain the default behaviour (certainly it needs to be the default for client-spawned servers). I think the easiest answer is a server option or similar that allows automatic hack access to be completely turned off. In this mode any single_want_hack_req from the client is ignored. (This option ought to be only changeable at 'hack' level, I think.) In this mode, hack access would still be possible manually via /cmdlevel (e.g. from the console). If not the default, for this to be useful developers have to remember to use it, but that's an improvement on the current situation. Could have a server in this mode signal its unwillingness to play by returning a blank filename to the client in join_reply, but that requires a capability bump as existing clients will try to create the empty file. On stable branches it's harmless to have the client create the file and return you_have_hack=false anyway. Might want to hide/disable/ignore this option for client-spawned servers, to stop single-player users getting themselves into trouble by getting it somehow saved it in their .freeciv-client-rc-X.X and being completely unable to start a controlled server. ___ Reply to this item at: http://gna.org/bugs/?20556 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev