Server Help

[L.C.]

Problems:
* Zone does not show up in any of the directory servers
* Zone does not connect to Snrrrub's Isometry when all possible information was supplied correctly (?)

Version of ASSS:
1.4.4

global.conf

[Hakaku]

For the directory server:
- In modules.conf, make sure the 'directory' module is uncommented.

Code: Show/Hide security:security directory billing ;; if you're using a billing server, you'll probably want to use this: ;billing_ssc

For the biller, it depends what kind of biller you're using. If it's a TCP biller, you should be using the 'billing' module. If it's a UDP biller, you should be using the 'billing_ssc' module. I'm guessing Isometry is the latter, so you should comment billing, and uncomment billing_ssc.

[L.C.]

Ok, thanks! I didn't know about this.

[Cheese]

[L.C.]

Yeah ... for some reason running "asss.exe .." does not work while it would on my laptop. :\ I can't remember if I tested this on the server though before passing it through TCAdmin. I'll have to try it...

EDIT:
This works:
1) cd C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin
2) asss.exe ..

This does not:
1) C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin\asss.exe ..
Generates the error that it "can't open 'C:\Documents '"

This does not:
1) "C:\Documents and Settings\qwerty\Desktop\asss-1.4.4\asss-1.4.4\bin\asss.exe .."
Generates the error that '"' is not a valid command.



If I move the \asss-1.4.4\ folder to C:\ then...



This works:
1) cd C:\asss-1.4.4\bin
2) asss ..

This does not:
1) C:\asss-1.4.4\bin\asss.exe ..
Generates the following error in command prompt:

[Bak]

Using the asss.bat file is a major security vulnerability.

explain.
_________________
SubSpace Discretion: A Third Generation SubSpace Client

[L.C.]

Users have FTP access to the root directory (which is \asss-1.4.4\), and they are able to modify *.bat files. It's beyond my control. If they can modify *.bat files, they can do a lot of damage or practically take down the whole server.

The usage of *.bat files for game server launching are impractical in the gameserver industry. If in extreme cases a batch file is used, they are in a directory out of reach of a user. With ASSS, this cannot be the case (otherwise it would be fine). Most game servers are launched by their executable with appended parameters. TCAdmin creates an FTP account for each user, and also has a restricted file list. Unfortunately, I am able to modify the contents of asss.bat with my non-administrative TCAdmin user account via FTP.

In all technicality, if someone really wanted to screw the server up, they probability could -- but they would have to have some real incentive and motivation to do it. This is where *.bat files become a problem -- they're too easy. Anyone could easily run some nasty scripts with a *.bat file if they know it is the file being executed and they have start/stop control over it. TCAdmin cannot regulate the contents of a *.bat file. It doesn't take any effort to cause damage to the system if you have access to a *.bat file that is being executed.

In TCAdmin, if you wanted to succeed in taking down the server with a batch file, you would have to have TCAdmin execute a batch file. But if you don't have access to that specific batch file TCAdmin executes, then tough luck. Your only way is by reverse engineering *.dll/executed *.exe files (if you have access to any of the core *.dll/executed *.exe files to begin with).

Most commonly, dedicated servers will have a directory structure where all the core contents are located at root, and then there is a folder with all the game contents. The user only has access to the game contents folder.

With this said, I will admit that Subgame2 could potentially be altered in malicious ways -- but with the inability to modify or upload executables, a person's only chance is with *.dll's. What about ASSS?

EDIT: Of course, I may be wrong in some specific details. I do not know ASSS enough to speak about its security fully, but I do know that the batch file is not safe.

EDIT2: Please also understand that I am not trying to belittle or crucify ASSS or anything. If someone wants Win32 ASSS hosting from me, I'm perfectly fine with that idea.

[Dr Brain]

The working directory has to be the asss root. The executable is in the bin directory. The simple way to run it is:

Code: Show/Hide cd "C:\path\to\asss\" bin\asss.exe

If you're worried about security, run asss on a virtual machine. Preferably a linux VM. You can also use linux for the host OS and run asss in a chroot jail.

Anyone with enough privileges to upload files to an asss system can do anything possible with the privileges of the asss process, with or without .bat files, so don't worry about them.
_________________
Hyperspace Owner

Smong> so long as 99% deaths feel lame it will always be hyperspace to me

[L.C. (College)]

I don't have supreme authorities over the server to do that, and VM costs a lot of money. I will see if I can trick TCAdmin into executing "bin/asss.exe" or moving asss.bat outside again, but having it cd into the ASSS directory before executing.

Thanks for the assistance and advices!

[Dr Brain]

You don't need an enterprise quality VM with a support contract. A freeware version of just about anything would do the job.

[Hakaku]

Why not simply restrict user permissions from having ftp access to asss.bat?

[Doc Flabby]

If you can modify the bat file, you can modify the subgame2.exe file and replace its contents with evil.exe. I fail to see how either makes much difference to security.

The way to secure both is to prevent unauthorised modification..
_________________
Rediscover online gaming. Get Subspace | STF The future...prehaps

[L.C. (College)]

[Hakaku]

Ok, so then why not move asss.bat out of the ftp folder and change directory?

i.e.

Code: Show/Hide @echo off ECHO starting asss... SET PYTHONPATH=C:\Python25\Lib cd /d C:\asss-1.4.3 GOTO START :START C:\asss-1.4.3\bin\asss.exe IF ERRORLEVEL 5 GOTO MODLOAD IF ERRORLEVEL 4 GOTO MODCONF IF ERRORLEVEL 3 GOTO OOM IF ERRORLEVEL 2 GOTO GENERAL IF ERRORLEVEL 1 GOTO RECYCLE IF ERRORLEVEL 0 GOTO SHUTDOWN . . .

By that same token, you should be able to do this in the command prompt:

Code: Show/Hide cd /d C:\asss-1.4.3 SET PYTHONPATH=C:\Python25\Lib C:\asss-1.4.3\bin\asss.exe

Both ways work fine for me.

[Bak]

Anyone with sysop access can upload a binary file (.dll) within asss and execute it by using ?insmod or modifying modules.conf, allowing you to do just about anything. Alternatively, with just FTP you can overwrite asss.exe to be a malicious executable. If you are restricting the executables permissions, why not just run a terminal to run asss.bat, and restrict the terminal's permissions?

cmd.exe /c asss.bat

[L.C.]

Refer to my post:

[Hakaku]

[Cheese]

was it really necessary to set the sinking ship on fire? :(

[Grelminar]

Take a look at main.c: if you put a directory on the command line, asss will chdir to it before doing anything else.

For locking down an asss install, there's a preprocessor define that you can add to disable ?insmod and similar: CFG_NO_RUNTIME_LOAD. With that, the only modules loaded will be the ones in modules.conf. You still need to find some way to protect modules.conf, though. It would be easy to add a new parameter to tell it to find modules.conf somewhere else. Also look at CFG_RESTRICT_MODULE_PATH and the module search paths.