L.C. (Server Help Squatter), posted Sat Oct 31, 2009 1:12 am. Post subject: Billing & Directory Problems
Problems:
* Zone does not show up in any of the directory servers
* Zone does not connect to Snrrrub's Isometry when all possible information was supplied correctly (?)
Version of ASSS:
1.4.4
global.conf
Quote:
[ General ]
;PublicArenas = turf pb
[ Billing ]
;Proxy = bin/proxy
IP = xxxxxxxxxx
Port = xxxxxxxxxx
ServerName = SSCA Cold Fusion
Password = xxxxxxxxxx
; *** Isometry Billing Information ***
;
; Biller IP = xxxxxxxxxx
; Biller Port = xxxxxxxxxx
; Biller Password = xxxxxxxxxx
; Zone Name = SSCA Cold Fusion
; Zone IP = 74.86.4.98
; Zone Port = 25000
; Zone ServerID = xxxxxxxxxx
; Zone ScoreID = xxxxxxxxxx
;
;
; *** Directory Information ***
;
; NamePassword = xxxxxxxxxx
[mysql]
hostname=localhost
user=asss
password=asss
database=asss
;; the syntax for these is:
;; [log_whatever]
;; modulename = DIMWE
;; D = debug, I = info, M = malicious, W = warning, E = error
;; they MUST be in caps
;; the modulename can be "all" to catch unmatched modules.
;; if you don't filter it out, it's enabled by default.
;[log_console]
; all = DIMWE
[log_file]
all = IMWE
persist = MWE
chat = DIMWE
[log_sysop]
all = ME
[ Listen ]
;; the main listening port
Port = 25000
[ Directory ]
Name = SSCA Cold Fusion
Description = ss://ds1.hlrse.net Zone description here.
Server1 = ssdir.playsubspace.com
Server2 = sscentral.sscuservers.net
Server3 = dirserver.ssnecentral.net
Server4 = ds1.hlrse.net
; changed settings:
Other Questions:
* How can I launch ASSS without asss.bat? How many different ways are there?
Hakaku (Server Help Squatter)
L.C. (Server Help Squatter), posted Sun Nov 01, 2009 1:55 pm
Ok, thanks! I didn't know about this.
Cheese (Wow Cheese is so helpful!), posted Mon Nov 02, 2009 2:03 am. Post subject: Re: Billing & Directory Problems
L.C. wrote: "* How can I launch ASSS without asss.bat? How many different ways are there?"
I'm also curious why it doesn't run without the .bat...
|
L.C. (Server Help Squatter), posted Mon Nov 02, 2009 9:19 am
Yeah ... for some reason running "asss.exe .." does not work while it would on my laptop. :\ I can't remember if I tested this on the server though before passing it through TCAdmin. I'll have to try it...
EDIT:
This works:
1) cd C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin
2) asss.exe ..
This does not:
1) C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin\asss.exe ..
Generates the error that it "can't open 'C:\Documents '"
This does not:
1) "C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin\asss.exe .."
Generates the error that '"' is not a valid command.
If I move the \asss-1.4.4\ folder to C:\ then...
This works:
1) cd C:\asss-1.4.4\bin
2) asss ..
This does not:
1) C:\asss-1.4.4\bin\asss.exe ..
Generates the following error in command prompt:
Quote:
asss 1.4.4 built at Sep 6 2007 22:36:26
Loading modules...
Unrecoverable error (5): Error in modules.conf: Can't open file 'conf/modules.conf' for reading
Which is the same error produced if I executed "asss.exe" instead of "asss.exe ..".
This problem is important for anyone who wants to use a game panel, such as TCAdmin, to host zones. TCAdmin executes using a full path, not a "cd C:\location\to\bin" + "executable.exe .." method. Using the asss.bat file is a major security vulnerability. Relocating asss.bat into the directory above, and then modifying the batch file so that it executes asss.exe (even as "asss.exe .."), will not work.
Bak (?ls -s 0 in)
L.C. (Server Help Squatter), posted Mon Nov 02, 2009 10:30 am
Users have FTP access to the root directory (which is \asss-1.4.4\), and they are able to modify *.bat files. It's beyond my control. If they can modify *.bat files, they can do a lot of damage or practically take down the whole server.
The use of *.bat files for game server launching is impractical in the game server industry. If in extreme cases a batch file is used, it is in a directory out of reach of a user. With ASSS, this cannot be the case (otherwise it would be fine). Most game servers are launched by their executable with appended parameters. TCAdmin creates an FTP account for each user, and also has a restricted file list. Unfortunately, I am able to modify the contents of asss.bat with my non-administrative TCAdmin user account via FTP.
In all technicality, if someone really wanted to screw the server up, they probably could -- but they would have to have some real incentive and motivation to do it. This is where *.bat files become a problem -- they're too easy. Anyone could easily run some nasty scripts with a *.bat file if they know it is the file being executed and they have start/stop control over it. TCAdmin cannot regulate the contents of a *.bat file. It doesn't take any effort to cause damage to the system if you have access to a *.bat file that is being executed.
In TCAdmin, if you wanted to succeed in taking down the server with a batch file, you would have to have TCAdmin execute a batch file. But if you don't have access to that specific batch file TCAdmin executes, then tough luck. Your only way is by reverse engineering *.dll/executed *.exe files (if you have access to any of the core *.dll/executed *.exe files to begin with).
Most commonly, dedicated servers will have a directory structure where all the core contents are located at root, and then there is a folder with all the game contents. The user only has access to the game contents folder.
With this said, I will admit that Subgame2 could potentially be altered in malicious ways -- but with the inability to modify or upload executables, a person's only chance is with *.dll's. What about ASSS?
EDIT: Of course, I may be wrong in some specific details. I do not know ASSS enough to speak about its security fully, but I do know that the batch file is not safe.
EDIT2: Please also understand that I am not trying to belittle or crucify ASSS or anything. If someone wants Win32 ASSS hosting from me, I'm perfectly fine with that idea.
Dr Brain (Flip-flopping like a wind surfer)
L.C. (College) (Guest), posted Mon Nov 02, 2009 12:24 pm
I don't have supreme authority over the server to do that, and a VM costs a lot of money. I will see if I can trick TCAdmin into executing "bin/asss.exe", or move asss.bat outside again but have it cd into the ASSS directory before executing.
Thanks for the assistance and advice!
Dr Brain (Flip-flopping like a wind surfer), posted Mon Nov 02, 2009 12:50 pm
You don't need an enterprise quality VM with a support contract. A freeware version of just about anything would do the job.
Hakaku (Server Help Squatter), posted Mon Nov 02, 2009 12:50 pm
Why not simply restrict user permissions from having FTP access to asss.bat?
Doc Flabby (Server Help Squatter), posted Mon Nov 02, 2009 1:08 pm
If you can modify the bat file, you can modify the subgame2.exe file and replace its contents with evil.exe. I fail to see how either makes much difference to security.
The way to secure both is to prevent unauthorised modification.
L.C. (College) (Guest), posted Mon Nov 02, 2009 1:59 pm
Quote: Why not simply restrict user permissions from having ftp access to asss.bat?
Because TCAdmin is responsible for creating FTP accounts, and this is beyond even my host's/partner's control.
Quote: If you can modify the bat file, you can modify the subgame2.exe file and replace its contents with evil.exe. I fail to see how either makes much difference to security.
Yes... yes... Now that you mention this, I am reminded of some of the tutorials at http://www.hlrse.net/offlinewebpages about replacing the contents of files and hiding files inside an existing file using NTFS features.
Hakaku (Server Help Squatter), posted Mon Nov 02, 2009 6:30 pm
Ok, so then why not move asss.bat out of the FTP folder and change directory?
i.e.
@echo off
ECHO starting asss...
SET PYTHONPATH=C:\Python25\Lib
REM /d also switches drive; run from the install root so asss finds conf\modules.conf
cd /d C:\asss-1.4.3
GOTO START
:START
C:\asss-1.4.3\bin\asss.exe
REM IF ERRORLEVEL n matches any exit code >= n, so the checks run high to low
IF ERRORLEVEL 5 GOTO MODLOAD
IF ERRORLEVEL 4 GOTO MODCONF
IF ERRORLEVEL 3 GOTO OOM
IF ERRORLEVEL 2 GOTO GENERAL
IF ERRORLEVEL 1 GOTO RECYCLE
IF ERRORLEVEL 0 GOTO SHUTDOWN
.
.
.
By that same token, you should be able to do this in the command prompt:
cd /d C:\asss-1.4.3
SET PYTHONPATH=C:\Python25\Lib
C:\asss-1.4.3\bin\asss.exe
Both ways work fine for me.
Bak (?ls -s 0 in), posted Mon Nov 02, 2009 7:14 pm
Anyone with sysop access can upload a binary file (.dll) within asss and execute it by using ?insmod or modifying modules.conf, allowing you to do just about anything. Alternatively, with just FTP you can overwrite asss.exe to be a malicious executable. If you are restricting the executable's permissions, why not just run a terminal to run asss.bat, and restrict the terminal's permissions?
cmd.exe /c asss.bat
L.C. (Server Help Squatter), posted Mon Nov 02, 2009 7:18 pm
Refer to my post:
Quote: I will see if I can trick TCAdmin into executing "bin/asss.exe" or moving asss.bat outside again, but having it cd into the ASSS directory before executing.
In other words I have the following:
\
\asss.bat
\Core
\Core\bin\asss.exe
The user only has access to \Core and everything under it, but does not have access to \. Here is asss.bat (I tested it in TCAdmin and it works excellently!):
Quote:
@echo off
REM Enter the install root relative to this batch file's own location (%~dp0),
REM so bin\asss.exe and conf\modules.conf resolve the same way no matter which
REM directory the game panel starts the script from.
cd /d "%~dp0Core"
ECHO starting asss...
GOTO START
:START
bin\asss.exe
REM IF ERRORLEVEL n matches any exit code >= n, so the checks run high to low
IF ERRORLEVEL 5 GOTO MODLOAD
IF ERRORLEVEL 4 GOTO MODCONF
IF ERRORLEVEL 3 GOTO OOM
IF ERRORLEVEL 2 GOTO GENERAL
IF ERRORLEVEL 1 GOTO RECYCLE
IF ERRORLEVEL 0 GOTO SHUTDOWN
ECHO unknown exit code: %ERRORLEVEL%.
GOTO END
:SHUTDOWN
ECHO asss exited with shutdown.
GOTO END
:RECYCLE
ECHO asss exited with recycle.
GOTO START
:GENERAL
ECHO asss exited with general error.
GOTO END
:OOM
ECHO asss out of memory. restarting.
GOTO START
:MODCONF
ECHO asss cannot start. bad modules.conf.
GOTO END
:MODLOAD
ECHO asss cannot start. error loading modules.
GOTO END
:END
Win win win! I also got it to publish itself by removing the comment for "directory", and connected to Isometry by enabling "billing_ssc".
EDIT: But it would still be nice nonetheless if ASSS were redesigned/restructured a little to be security friendly for game panel software and systems.
Not many people want ASSS anyway, so it won't really be a big problem to me. I have been told by someone that there aren't enough developers for ASSS programming for ASSS to be worth it.
I guess I'll just have to allow ASSS hosting on a trust/credibility basis.
Hakaku (Server Help Squatter), posted Mon Nov 02, 2009 7:52 pm
Quote: Not many people want ASSS anyway, so it won't really be a big problem to me. I have been told by someone that there aren't enough developers for ASSS programming for ASSS to be worth it.
Oh? And to be fair, how many map developers and tileset designers are there? How many subgame developers are there? How many Mervbot 0.46 developers are there? TWCore, Shawnbot, Logicbot++, Merbot 0.48b, etc.? How many hosts are there for Mervbot? How many kids run around asking to be staff nowadays?
See, when you actually take reality into consideration and stop distorting stuff, there are not that many hosts, developers, or people motivated to become staff and help out, period. If anything, there are far more developers, guides, and tutorials available for ASSS than there are for Mervbot (which pretty much no one will host anymore); though it also doesn't stop you from running bots on ASSS. People are just afraid of ASSS because they have this preconceived notion that you have to know how to program to be able to use it because it's too complex - which is entirely false. Honestly, the biggest difference any sysop (familiar with subgame) needs to take into consideration is the structure, which takes as long to learn as Subgame does. Other than that, you lose more by reluctantly sticking with Subgame than by moving on to a more modern system; it's like trying to run a business in the 21st century on Windows 95 - it works, but you won't get very far.
Cheese (Wow Cheese is so helpful!), posted Tue Nov 03, 2009 2:33 am
Was it really necessary to set the sinking ship on fire? :(
Grelminar (Creator of Asss), posted Tue Nov 03, 2009 7:02 am
Take a look at main.c: if you put a directory on the command line, asss will chdir to it before doing anything else.
For locking down an asss install, there's a preprocessor define that you can add to disable ?insmod and similar: CFG_NO_RUNTIME_LOAD. With that, the only modules loaded will be the ones in modules.conf. You still need to find some way to protect modules.conf, though. It would be easy to add a new parameter to tell it to find modules.conf somewhere else. Also look at CFG_RESTRICT_MODULE_PATH and the module search paths.
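The following is an added example, not code from ASSS or from anyone in this thread. It ties together two points made above: L.C.'s finding that "asss.exe .." fails when invoked by full path (the ".." and the relative path conf/modules.conf are resolved against the caller's working directory, which Grelminar confirms: asss chdirs to whatever directory is given on the command line before opening anything), and Doc Flabby's and Bak's point that whoever can overwrite asss.bat, asss.exe or modules.conf over FTP runs code as the service account, so the real control is preventing or at least detecting unauthorised modification. The launcher below sits outside the user-writable tree, derives the install root from its own location (so it works however TCAdmin invokes it), refuses to start if the files the server will execute or load no longer match a manifest stored beside the launcher, and then starts the server with the install root as its working directory. The names launch_asss.py, asss.manifest.json, the Core subdirectory, the TRUSTED_FILES list and the --write-manifest flag are this example's own assumptions, as is the exact set of files worth pinning; modules_conf_path only models the path resolution L.C. observed.

```python
"""Added example (not ASSS code): a launcher kept OUTSIDE the FTP user's tree
that resolves the install root from its own location, verifies the files the
server will execute or load against a manifest stored next to the launcher,
and only then starts the server from the install root (the equivalent of the
thread's `cd Core` followed by `bin\asss.exe`).

Assumed layout (mirrors \asss.bat, \Core, \Core\bin\asss.exe in the thread):
  <launcher dir>/launch_asss.py      <- not writable by the FTP user
  <launcher dir>/asss.manifest.json  <- not writable by the FTP user
  <launcher dir>/Core/bin/asss.exe   <- the user's tree starts at Core
  <launcher dir>/Core/conf/modules.conf
"""
import hashlib
import json
import ntpath
import os
import subprocess
import sys

# Files that give code execution as the service account to anyone who can
# replace them. modules.conf is pinned too: even with CFG_NO_RUNTIME_LOAD it
# still decides which modules get loaded. (Assumed list; extend as needed.)
TRUSTED_FILES = ("bin/asss.exe", "conf/modules.conf")


def modules_conf_path(caller_cwd, dir_arg=None):
    """Where `asss.exe [dir]` will look for conf/modules.conf.

    asss chdirs to dir_arg (if given) and then opens the RELATIVE path
    conf/modules.conf, so the result depends on the caller's working
    directory, not on where asss.exe sits. ntpath is used so the example
    computes Windows-style paths on any host."""
    base = caller_cwd if dir_arg is None else ntpath.join(caller_cwd, dir_arg)
    return ntpath.normpath(ntpath.join(base, "conf", "modules.conf"))


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, rel_paths=TRUSTED_FILES):
    """Record known-good hashes. Run once by the administrator; the output is
    stored beside the launcher, where the FTP user cannot write."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in rel_paths}


def verify_manifest(root, manifest):
    """Return a list of problems; an empty list means every pinned file is
    present and unchanged."""
    problems = []
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            problems.append("missing: %s" % rel)
        elif sha256_file(path) != expected:
            problems.append("modified: %s" % rel)
    return problems


def launch_plan(launcher_path, core_dir="Core", exe_rel="bin/asss.exe"):
    """Compute (argv, cwd) for the server without starting it. The install
    root is derived from the launcher's own location, so it is the same no
    matter which directory the game panel invokes the launcher from."""
    root = os.path.join(os.path.dirname(os.path.abspath(launcher_path)), core_dir)
    exe = os.path.join(root, *exe_rel.split("/"))
    # Passing root as the directory argument makes asss chdir there itself
    # (per Grelminar's note on main.c); cwd=root covers the case where it
    # is started without that argument.
    return [exe, root], root


def main():
    here = os.path.abspath(__file__)
    manifest_path = os.path.join(os.path.dirname(here), "asss.manifest.json")
    argv, root = launch_plan(here)
    if len(sys.argv) > 1 and sys.argv[1] == "--write-manifest":
        with open(manifest_path, "w") as f:
            json.dump(build_manifest(root), f, indent=2)
        return 0
    with open(manifest_path) as f:
        problems = verify_manifest(root, json.load(f))
    if problems:
        # Refuse to start rather than run whatever was uploaded over FTP.
        # Caveat: this is a launch-time check only. A user who can write the
        # files can still swap them after the check (TOCTOU), and it does
        # nothing against a .dll loaded later via ?insmod, which needs
        # CFG_NO_RUNTIME_LOAD. It narrows the window; it does not replace ACLs.
        for p in problems:
            print("refusing to start:", p, file=sys.stderr)
        return 2
    return subprocess.call(argv, cwd=root)


if __name__ == "__main__":
    sys.exit(main())
```

With this layout the game panel can invoke the launcher by full path from any working directory, which is exactly the case L.C. found broke "asss.exe ..": modules_conf_path shows that ".." typed from C:\asss-1.4.4\bin lands on C:\asss-1.4.4\conf\modules.conf, while the same ".." from C:\ collapses to C:\conf\modules.conf and the open fails with the "Can't open file 'conf/modules.conf'" error quoted above.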