Hello. Is it somehow possible to retrieve the last executed command (in raw text) of an input controller? E.g. whether it was ".ping", "say Blabla", "byond://?src..." or anything else? I searched the forums but didn't find anything.
The reason for this would be to prevent exploits allowing people to access any topic in-game via the use of "byond://?src...". Thank you.
ID:742282
May 13 2012, 9:36 am (Edited on May 13 2012, 9:45 am)
(See the best response by Metamorphman.)
May 13 2012, 10:07 am
Best response
You can use client/Command() to check what is being entered, and client/control_freak to stop the users from using the command input from the task bar.
While Meta's solution is the most all-encompassing (and so, probably best here), another potential solution for this would be the use of pseudo-random canary values in your Topic(). This could be as simple as:
// Introduce a nice datum for managing canary values for Topic. This basically means a random value (per client)
// is inserted and checked off when it's used, allowing one click of the topic, that only the specific client
// knows the value of. This is very much a paranoid solution, as it doesn't really permit a bunch of useful
// things like: Clicking the same link a bunch of times. oview() << "Some topic"
Does control_freak prevent users from using a hacked client to abuse Topic()? If not, it's not really worth it, since it also blocks a lot of other options such as client-side profiling. As long as BYOND doesn't have a way to tell if a Topic() command is genuine, it'll always be possible to generate fake commands with a hacked/fake client, and as far as I know this stuff *is* happening at the moment on a server that uses control_freak.
From what I can tell, we simply need to make our Topic calls secure, which in a lot of cases just means the Topic() proc asking "Is the user in a position where he can access this object?" The only trouble is that there are so many Topic() procs that this'll be a lot of work to pull off. Or in other words: the previous coders didn't understand the security issues connected to Topic(), and now our code is a Swiss cheese of security holes. The only non-messy, non-hacky solution to fix this is to plug the holes.
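The two ideas in the posts above, put together in DM as an added example (this is not code from the thread, from BYOND, or from any particular game): Stephen001's single-use per-client canary value in each Topic() link, plus the "is this user in a position to use this object?" authorization check that the post just above says every Topic() still needs. The names topic_tokens, topic_link(), consume_topic_token(), admin_panel and client/holder are assumptions made for this illustration only.

```dm
// Added example, not code from the thread: single-use, per-client canary tokens in
// Topic() links, combined with an explicit authorization check inside Topic().
// topic_tokens, topic_link(), consume_topic_token(), admin_panel and client/holder are
// names assumed for this illustration, not BYOND's API or any particular game's code.

client
	var/list/topic_tokens = list()   // tokens handed to this client and not yet used

// Build a byond://? link to target for client C. The token is fresh per link and is
// remembered only on the server, so an href typed or forged by the client carries
// nothing the server will accept unless that exact link was issued to that client.
proc/topic_link(client/C, datum/target, params, label)
	var/token = md5("[rand()][world.time][world.timeofday][C.ckey]")
	C.topic_tokens += token
	return "<a href='byond://?src=\ref[target];[params];token=[token]'>[label]</a>"

// TRUE exactly once for a token issued to C; FALSE for an unknown token, one that was
// already used, or one issued to a different client. Guessing a valid src= ref is
// no longer enough on its own.
proc/consume_topic_token(client/C, token)
	if(!C || !token) return FALSE
	if(!(token in C.topic_tokens)) return FALSE
	C.topic_tokens -= token
	return TRUE

datum/admin_panel
	proc/show_to(mob/M)
		var/html = topic_link(M.client, src, "action=kick;who=[M.ckey]", "Kick")
		M << browse(html, "window=admin_panel")

	Topic(href, href_list)
		// usr is the mob whose client sent the request; drop anything without a live client
		if(!usr || !usr.client) return
		// 1. canary: only a link we issued to this exact client, and only once
		if(!consume_topic_token(usr.client, href_list["token"]))
			usr << "That link is invalid or has already been used."
			return
		// 2. authorization: the token proves the link is genuine, not that the user
		//    is allowed to do this, so the object still checks that for itself
		if(!usr.client.holder)   // holder is assumed here to mark admin clients
			return
		switch(href_list["action"])
			if("kick")
				var/mob/target = null
				for(var/mob/X in world)
					if(X.ckey == href_list["who"])
						target = X
						break
				if(target && target.client)
					del(target.client)
```

Two practical notes. First, BYOND calls client/Topic(href, href_list, hsrc) before it hands the request to hsrc's own Topic(), so the token check can be applied once there for the whole game instead of being repeated in every Topic() proc; the authorization check, however, depends on what the object does and still belongs in each object's Topic(). Second, as Stephen001 already points out, the token scheme breaks links that are meant to be clicked more than once or broadcast to several players, and it only stops replayed or guessed hrefs: a modified client that sends exactly one click of a link it was legitimately given still gets through, which is why the authorization check is the part that actually closes the hole.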
Could you clarify what you mean by hacked client? I assume you just mean something where the person has altered their own skin.
I believe they mean that someone found a way to ignore control_freak entirely, so no matter what the server has it set to, they can do anything it would have blocked, unless, for that specific action, the server checks control_freak first.
In this case, I believe it is using an arbitrary byond:// link. Perhaps they have an Internet Explorer extension of some sort that specifically notices when BYOND opens a page, and inserts whatever link they choose, or even rapidly informs the game that a specific link has been clicked, perhaps hundreds of times per second. Add to that one or more datums which are normally only accessed by admins and have useful commands on them, without proper authentication that they are, indeed, an admin, and there could be issues. It doesn't matter that they don't know the specific src= to get that object, they can just guess until they find it. Rather annoying, I wish I had a way to quickly test my theories about how they are doing it, but I don't run a server that has had problems yet, so I can only guess...