ASSS Questions - Billing & Directory Problems

L.C. - Sat Oct 31, 2009 1:12 am
Post subject: Billing & Directory Problems
Problems:
* Zone does not show up in any of the directory servers
* Zone does not connect to Snrrrub's Isometry when all possible information was supplied correctly (?)

Version of ASSS:
1.4.4

global.conf
Quote:
[ General ]

;PublicArenas = turf pb


[ Billing ]
;Proxy = bin/proxy
IP = xxxxxxxxxx
Port = xxxxxxxxxx
ServerName = SSCA Cold Fusion
Password = xxxxxxxxxx

; *** Isometry Billing Information ***
;
; Biller IP = xxxxxxxxxx
; Biller Port = xxxxxxxxxx
; Biller Password = xxxxxxxxxx
; Zone Name = SSCA Cold Fusion
; Zone IP = 74.86.4.98
; Zone Port = 25000
; Zone ServerID = xxxxxxxxxx
; Zone ScoreID = xxxxxxxxxx
;
;
; *** Directory Information ***
;
; NamePassword = xxxxxxxxxx

[mysql]
hostname=localhost
user=asss
password=asss
database=asss


;; the syntax for these is:
;; [log_whatever]
;; modulename = DIMWE
;; D = debug, I = info, M = malicious, W = warning, E = error
;; they MUST be in caps
;; the modulename can be "all" to catch unmatched modules.
;; if you don't filter it out, it's enabled by default.

;[log_console]
; all = DIMWE

[log_file]
all = IMWE
persist = MWE
chat = DIMWE

[log_sysop]
all = ME


[ Listen ]
;; the main listening port
Port = 25000


[ Directory ]

Name = SSCA Cold Fusion
Description = ss://ds1.hlrse.net Zone description here.

Server1 = ssdir.playsubspace.com
Server2 = sscentral.sscuservers.net
Server3 = dirserver.ssnecentral.net
Server4 = ds1.hlrse.net

; changed settings:



Other Questions:
* How can I launch ASSS without asss.bat? How many different ways are there?
Hakaku - Sun Nov 01, 2009 12:35 pm
Post subject:
For the directory server:
- In modules.conf, make sure the 'directory' module is uncommented.
Code:
security:security
directory
billing
;; if you're using a billing server, you'll probably want to use this:
;billing_ssc


For the biller, it depends what kind of biller you're using. If it's a TCP biller, you should be using the 'billing' module. If it's a UDP biller, you should be using the 'billing_ssc' module. I'm guessing Isometry is the latter, so you should comment billing, and uncomment billing_ssc.
L.C. - Sun Nov 01, 2009 1:55 pm
Post subject:
Ok, thanks! I didn't know about this.
Cheese - Mon Nov 02, 2009 2:03 am
Post subject: Re: Billing & Directory Problems
L.C. wrote:
* How can I launch ASSS without asss.bat? How many different ways are there?


I'm also curious why it doesn't run without the bat...
L.C. - Mon Nov 02, 2009 9:19 am
Post subject:
Yeah ... for some reason running "asss.exe .." does not work while it would on my laptop. :\ I can't remember if I tested this on the server though before passing it through TCAdmin. I'll have to try it...

EDIT:
This works:
1) cd C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin
2) asss.exe ..

This does not:
1) C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin\asss.exe ..
Generates the error that it "can't open 'C:\Documents '"

This does not:
1) "C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin\asss.exe .."
Generates the error that '"' is not a valid command.



If I move the \asss-1.4.4\ folder to C:\ then...



This works:
1) cd C:\asss-1.4.4\bin
2) asss ..

This does not:
1) C:\asss-1.4.4\bin\asss.exe ..
Generates the following error in command prompt:
Quote:
asss 1.4.4 built at Sep 6 2007 22:36:26
Loading modules...
Unrecoverable error (5): Error in modules.conf: Can't open file 'conf/modules.conf' for reading


Which is the same error produced if I executed "asss.exe" instead of "asss.exe ..".



This problem is important for anyone that desires to use a gamepanel, such as TCAdmin, to host zones. TCAdmin executes using a full path, not a "cd C:\location\to\bin" + "executable.exe .." method. Using the asss.bat file is a major security vulnerability. Relocating asss.bat into the directory before, and then modifying the batch file so that it executes asss.exe (and even as "asss.exe ..") will not work.
Bak - Mon Nov 02, 2009 10:00 am
Post subject:
Quote:
Using the asss.bat file is a major security vulnerability.

explain.
L.C. - Mon Nov 02, 2009 10:30 am
Post subject:
Users have FTP access to the root directory (which is \asss-1.4.4\), and they are able to modify *.bat files. It's beyond my control. If they can modify *.bat files, they can do a lot of damage or practically take down the whole server.

The usage of *.bat files for game server launching is impractical in the gameserver industry. If, in extreme cases, a batch file is used, it is in a directory out of reach of a user. With ASSS, this cannot be the case (otherwise it would be fine). Most game servers are launched by their executable with appended parameters. TCAdmin creates an FTP account for each user, and also has a restricted file list. Unfortunately, I am able to modify the contents of asss.bat with my non-administrative TCAdmin user account via FTP.

In all technicality, if someone really wanted to screw the server up, they probably could -- but they would have to have some real incentive and motivation to do it. This is where *.bat files become a problem -- they're too easy. Anyone could easily run some nasty scripts with a *.bat file if they know it is the file being executed and they have start/stop control over it. TCAdmin cannot regulate the contents of a *.bat file. It doesn't take any effort to cause damage to the system if you have access to a *.bat file that is being executed.

In TCAdmin, if you wanted to succeed in taking down the server with a batch file, you would have to have TCAdmin execute a batch file. But if you don't have access to that specific batch file TCAdmin executes, then tough luck. Your only way is by reverse engineering *.dll/executed *.exe files (if you have access to any of the core *.dll/executed *.exe files to begin with).

Most commonly, dedicated servers will have a directory structure where all the core contents are located at root, and then there is a folder with all the game contents. The user only has access to the game contents folder.

With this said, I will admit that Subgame2 could potentially be altered in malicious ways -- but with the inability to modify or upload executables, a person's only chance is with *.dll's. What about ASSS?

EDIT: Of course, I may be wrong in some specific details. I do not know ASSS enough to speak about its security fully, but I do know that the batch file is not safe.

EDIT2: Please also understand that I am not trying to belittle or crucify ASSS or anything. If someone wants Win32 ASSS hosting from me, I'm perfectly fine with that idea.
Dr Brain - Mon Nov 02, 2009 12:17 pm
Post subject:
The working directory has to be the asss root. The executable is in the bin directory. The simple way to run it is:
Code:
cd "C:\path\to\asss\"
bin\asss.exe


If you're worried about security, run asss on a virtual machine. Preferably a linux VM. You can also use linux for the host OS and run asss in a chroot jail.

Anyone with enough privileges to upload files to an asss system can do anything possible with the privileges of the asss process, with or without .bat files, so don't worry about them.
Anonymous - Mon Nov 02, 2009 12:24 pm
Post subject:
I don't have supreme authority over the server to do that, and a VM costs a lot of money. I will see if I can trick TCAdmin into executing "bin/asss.exe" or moving asss.bat outside again, but having it cd into the ASSS directory before executing.

Thanks for the assistance and advice!
Dr Brain - Mon Nov 02, 2009 12:50 pm
Post subject:
You don't need an enterprise quality VM with a support contract. A freeware version of just about anything would do the job.
Hakaku - Mon Nov 02, 2009 12:50 pm
Post subject:
Why not simply restrict user permissions from having ftp access to asss.bat?
Doc Flabby - Mon Nov 02, 2009 1:08 pm
Post subject:
If you can modify the bat file, you can modify the subgame2.exe file and replace its contents with evil.exe. I fail to see how either makes much difference to security.

The way to secure both is to prevent unauthorised modification.
Anonymous - Mon Nov 02, 2009 1:59 pm
Post subject:
Quote:
Why not simply restrict user permissions from having ftp access to asss.bat?
Because TCAdmin is responsible for creating FTP accounts, and this is beyond even my host's/partner's control.

Quote:
If you can modify the bat file, you can modify the subgame2.exe file and replace its contents with evil.exe. I fail to see how either makes much difference to security.
Yes... yes... Now that you mention this, I am reminded of some of the tutorials at http://www.hlrse.net/offlinewebpages about replacing the contents of files and hiding files inside an existing file using NTFS features.
Hakaku - Mon Nov 02, 2009 6:30 pm
Post subject:
Ok, so then why not move asss.bat out of the ftp folder and change directory?

i.e.
Code:
@echo off

ECHO starting asss...

SET PYTHONPATH=C:\Python25\Lib

cd /d C:\asss-1.4.3

GOTO START

:START

C:\asss-1.4.3\bin\asss.exe


IF ERRORLEVEL 5 GOTO MODLOAD
IF ERRORLEVEL 4 GOTO MODCONF
IF ERRORLEVEL 3 GOTO OOM
IF ERRORLEVEL 2 GOTO GENERAL
IF ERRORLEVEL 1 GOTO RECYCLE
IF ERRORLEVEL 0 GOTO SHUTDOWN
.
.
.


By that same token, you should be able to do this in the command prompt:
Code:
cd /d C:\asss-1.4.3
SET PYTHONPATH=C:\Python25\Lib
C:\asss-1.4.3\bin\asss.exe


Both ways work fine for me.
Bak - Mon Nov 02, 2009 7:14 pm
Post subject:
Anyone with sysop access can upload a binary file (.dll) within asss and execute it by using ?insmod or modifying modules.conf, allowing you to do just about anything. Alternatively, with just FTP you can overwrite asss.exe to be a malicious executable. If you are restricting the executable's permissions, why not just run a terminal to run asss.bat, and restrict the terminal's permissions?

cmd.exe /c asss.bat
L.C. - Mon Nov 02, 2009 7:18 pm
Post subject:
Refer to my post:
Quote:
I will see if I can trick TCAdmin into executing "bin/asss.exe" or moving asss.bat outside again, but having it cd into the ASSS directory before executing.


In other words I have the following:

\
\asss.bat
\Core
\Core\bin\asss.exe

User only has access to \Core and everything under it. But user does not have access to \. Here is asss.bat (I tested it in TCAdmin and it works excellently!):
Quote:
cd Core

@echo off

ECHO starting asss...

GOTO START

:START

bin\asss.exe

IF ERRORLEVEL 5 GOTO MODLOAD
IF ERRORLEVEL 4 GOTO MODCONF
IF ERRORLEVEL 3 GOTO OOM
IF ERRORLEVEL 2 GOTO GENERAL
IF ERRORLEVEL 1 GOTO RECYCLE
IF ERRORLEVEL 0 GOTO SHUTDOWN

ECHO unknown exit code: %ERRORLEVEL%.

GOTO END

:SHUTDOWN
ECHO asss exited with shutdown.
GOTO END

:RECYCLE
ECHO asss exited with recycle.
GOTO START

:GENERAL
ECHO asss exited with general error.
GOTO END

:OOM
ECHO asss out of memory. restarting.
GOTO START

:MODCONF
ECHO asss cannot start. bad modules.conf.
GOTO END

:MODLOAD
ECHO asss cannot start. error loading modules.
GOTO END

:END


Win win win! I also got it to publish itself by removing the comment for "directory", and connected to Isometry by enabling "billing_ssc".

EDIT: But it would still be nice nonetheless if ASSS were redesigned/restructured a little to be security-friendly for gamepanel software and systems.

Not many people want ASSS anyway, so it won't really be a big problem to me. I have been told by someone that there aren't enough developers for ASSS programming for ASSS to be worth it.

I guess I'll just have to allow ASSS hosting on a trust/credibility basis.
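The layout above (launcher outside the user-reachable tree, server started with the asss root as its working directory, restart only on recycle or out-of-memory) can also be driven from PowerShell, with a check that the restricted FTP account holds no write ACE on the launcher, asss.exe or modules.conf before anything is started. This is an added example, not code from the thread or from ASSS; the paths, the account name and the use of Get-Acl as the check are assumptions.

```powershell
# Added example, not from the thread or from ASSS. Assumed layout mirrors the post above:
# the launcher sits outside the FTP-visible tree, $Root is the FTP-visible asss root (\Core).
param(
    [string]$Root       = 'C:\hosting\Core',        # assumption
    [string]$Launcher   = 'C:\hosting\asss.bat',    # assumption
    [string]$Restricted = 'HOSTBOX\tcadmin_user'    # assumption: the restricted FTP account
)

# Rights that let an account alter a file's contents.
$WriteRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::Modify -bor
                     [System.Security.AccessControl.FileSystemRights]::FullControl)

# True when no Allow ACE grants $Identity a write right on $Path. Only explicit ACEs for
# that identity are inspected; rights reaching it through group membership are not resolved.
function Test-NotWritableBy {
    param([string]$Path, [string]$Identity)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -ieq $Identity -and
            (([int]$ace.FileSystemRights -band $WriteRights) -ne 0)) {
            return $false
        }
    }
    return $true
}

# Refuse to start if the restricted account can rewrite what gets executed or which modules load.
$Exe = Join-Path $Root 'bin\asss.exe'
foreach ($p in @($Launcher, $Exe, (Join-Path $Root 'conf\modules.conf'))) {
    if (-not (Test-NotWritableBy -Path $p -Identity $Restricted)) {
        Write-Error "$Restricted can modify $p; refusing to start"
        exit 2
    }
}

# The server must run with the asss root as its working directory (it opens conf\modules.conf
# relative to it); the restart policy matches the batch file above: 1 = recycle, 3 = OOM.
do {
    $proc = Start-Process -FilePath $Exe -WorkingDirectory $Root -NoNewWindow -Wait -PassThru
    $code = $proc.ExitCode
    switch ($code) {
        0       { Write-Host 'asss exited with shutdown.' }
        1       { Write-Host 'asss exited with recycle; restarting.' }
        3       { Write-Host 'asss out of memory; restarting.' }
        default { Write-Host "asss exited with code $code." }
    }
} while ($code -eq 1 -or $code -eq 3)
```

The script itself must live where the restricted account cannot write, for the same reason the batch file does.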
Hakaku - Mon Nov 02, 2009 7:52 pm
Post subject:
Quote:
Not many people want ASSS anyway, so it won't really be a big problem to me. I have been told by someone that there aren't enough developers for ASSS programming for ASSS to be worth it.


Oh? And to be fair, how many map developers and tileset designers are there? How many subgame developers are there? How many Mervbot 0.46 developers are there? TWCore, Shawnbot, Logicbot++, Merbot 0.48b, etc.? How many hosts are there for Mervbot? How many kids run around asking to be staff nowadays?

See, when you actually take reality into consideration and stop distorting stuff, there's not that many hosts, developers, or people motivated to become staff and help out, period. If anything, there's far more developers, guides, and tutorials available for ASSS than there are for Mervbot (which pretty much no one will host anymore); though it also doesn't stop you from running bots on ASSS. People are just afraid of ASSS because they have this preconceived notion that you have to know how to program to be able to use it because it's too complex - which is entirely false. Honestly, the biggest difference any sysop (familiar with subgame) needs to take into consideration is the structure, which takes as long to learn as Subgame does. Other than that, you lose more reluctantly sticking with Subgame than moving on to a more modern system; it's like trying to run a business in the 21st century on Windows 95 - it works, but you won't get very far.
Cheese - Tue Nov 03, 2009 2:33 am
Post subject:
was it really necessary to set the sinking ship on fire? :(
Grelminar - Tue Nov 03, 2009 7:02 am
Post subject:
Take a look at main.c: if you put a directory on the command line, asss will chdir to it before doing anything else.

For locking down an asss install, there's a preprocessor define that you can add to disable ?insmod and similar: CFG_NO_RUNTIME_LOAD. With that, the only modules loaded will be the ones in modules.conf. You still need to find some way to protect modules.conf, though. It would be easy to add a new parameter to tell it to find modules.conf somewhere else. Also look at CFG_RESTRICT_MODULE_PATH and the module search paths.