Your message dated Mon, 15 Feb 2010 17:32:22 +1030
with message-id <[email protected]>
and subject line Closing bug
has caused the Debian Bug report #419542,
regarding freeciv-server: does not recognise the options -a -N any more, were they removed?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
419542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419542
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freeciv-server
Version: 2.0.8-3
Severity: important


After the upgrade from sarge to newly stable etch I became aware of this:

The civserver does not recognise the option -a (--auth) and thus the option
-N (--Newusers) any more. It prints an error message and a list of options
where indeed the -a and -N option are not listed any more and then exits. I
found no hint whether they were removed deliberately or replaced by new means
of authorization for players.


Trying to run a new game:

free...@gateway:~/game_002_2007_03_15$ civserver --auth --Newusers --port 5555 --exit-on-end --read gamesetup_20070315.txt --gamelog gamelog_20070315.log
Error: unknown option '--auth'
....
free...@gateway:~/game_002_2007_03_15$


Trying to load and run a saved game:

free...@gateway:~/game_002_2007_03_15$ civserver --auth --Newusers --port 5555 --exit-on-end --file gamesave20070315-+2033m.sav.gz --gamelog gamelog_20070315.log
Error: unknown option '--auth'
....
free...@gateway:~/game_002_2007_03_15$


Impact:
Leaving out the -a option the game will run with no problems. But any user
will be able to log in as any other user without a password required. This
enables complete strangers to join and disturb a running game. Especially
with servers (like mine) where users play over a time of several weeks and
thus log in and log out repeatedly. It gives me a hell of a time to determine
whether unauthorized people gained access.

Possible scenario:
A game is running and all players are connected. A stranger stumbling on the
server decides to join and make trouble. Once joined as guest he will see the
hosts of all players. Now he could try to terminate one or all user
connections by DDOS against the server or a single player, because he knows
he can join thereafter as this specific user without any means of
authorization required.

Suggestion/Request:
Please include the -a and -N options as they existed in debian sarge
freeciv-server 2.0.1-1sarge2 in order to enable privacy and security again.


With kind regards
josai

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.2-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages freeciv-server depends on:
ii  freeciv-data                2.0.8-3      Civilization turn based strategy g
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libreadline5                5.2-2        GNU readline and history libraries
ii  zlib1g                      1:1.2.3-13   compression library - runtime

freeciv-server recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
AIUI the ggz dependencies provide authentication for freeciv so I'll
close this.
kk

-- 
Karl Goetz, (Kamping_Kaiser / VK5FOSS)
Debian contributor / gNewSense Maintainer
http://www.kgoetz.id.au
No, I won't join your social networking group


--- End Message ---
