Crystal Space
Author Topic: How secure is Crystal Space  (Read 5498 times)
dominic
« on: July 21, 2005, 08:38:33 pm »

I'm wondering, how secure is Crystal Space?  Is it safe to ask Crystal Space's loader (not a custom loader) to load map files and models and stuff like that which come from an untrusted source?
« Last Edit: July 26, 2005, 12:00:31 pm by dominic »

jorrit
« Reply #1 on: July 21, 2005, 08:45:20 pm »

> I'm wondering, how secure is Crystal Space?  Is it safe to ask Crystal Space's loader (not a custom loader) to load map files and models and stuff like that which come from an untrusted source?

We have done absolutely nothing for security. This is really not an issue for CS for us. So no. CS is not secure at all.

Greetings,

dominic
« Reply #2 on: July 21, 2005, 09:11:08 pm »

> We have done absolutely nothing for security. This is really not an issue for CS for us. So no. CS is not secure at all.
>
> Greetings,
What about multiplayer games?  I'm sure I'm not the only one wanting to create a multiplayer game with Crystal Space.  In fact, PlaneShift is a multiplayer game using CS.  Security IS an issue for ANY library that could be used in a networked environment.  I hope this will be fixed soon, or I will have to either change engine or write my own loader.  Unfortunately, the second option would take forever.  And the first would require lots of research.  CS is the only suitable engine I have found for my game.  Other engines either work with dsp trees or manage only exterior scenes.  I can't use dsp in my game because I want to be able to break through any wall.  However, the biggest problem with this is that some people probably think that it IS safe, since there are no warnings in the doc.

Thanks
« Last Edit: July 21, 2005, 09:18:09 pm by dominic »

jorrit
« Reply #3 on: July 22, 2005, 05:37:07 am »

>> We have done absolutely nothing for security. This is really not an issue for CS for us. So no. CS is not secure at all.
>>
>> Greetings,
> What about multiplayer games?  I'm sure I'm not the only one wanting to create a multiplayer game with Crystal Space.  In fact, PlaneShift is a multiplayer game using CS.  Security IS an issue for ANY library that could be used in a networked environment.  I hope this will be fixed soon, or I will have to either change engine or write my own loader.  Unfortunately, the second option would take forever.  And the first would require lots of research.  CS is the only suitable engine I have found for my game.  Other engines either work with dsp trees or manage only exterior scenes.  I can't use dsp in my game because I want to be able to break through any wall.  However, the biggest problem with this is that some people probably think that it IS safe, since there are no warnings in the doc.
>
> Thanks

Multiplayer games are fine with CS. But then security is up to the game and not to CS. i.e. you build your security in the game network interface itself (this is how PlaneShift works). The networking module doesn't directly touch any CS code. It just transfers packets from client to server and server to client. Security on CS side doesn't matter there.

Greetings,

dominic
« Reply #4 on: July 22, 2005, 07:35:38 pm »

> Multiplayer games are fine with CS. But then security is up to the game and not to CS. i.e. you build your security in the game network interface itself (this is how PlaneShift works). The networking module doesn't directly touch any CS code. It just transfers packets from client to server and server to client. Security on CS side doesn't matter there.
>
> Greetings,
I have revised the LoadMapFile.  I have not finished but so far it looks fine when it comes to "undefined behaviors" possibilities.  Errors seem to be checked and buffer bounds enforced (except for ReportError() and ReportWarning() in csloader.cpp, but these have been fixed in the CVS).  Actually, all (if I recall well) of CS source that I have looked at seems to follow this philosophy.  I guess the main concern with the map loader would be with plugins that could be insecure.  In many multiplayer games today, the server can send maps and models to clients when they don't have them and this is supposed to be as secure as opening a HTML page on the Web.  I intend to do the same in my game.
Since CS is well written, I guess it would not be much work to make opening a map or model file through the provided loader as secure as opening a .png or .mp3.  Maybe a CS security subproject could be created to fix this.  Since I'm already busy with my own game, I could not lead it, but I could participate a little.

Greetings

morgul
« Reply #5 on: August 08, 2005, 08:28:46 pm »

As Jorrit said, security is up to the game, not the engine. My project (a MMORPG) has to face some of the concerns you've raised. Basically, we simply only trust things that come across the network (from the server). 'Undefined behaviours' aren't a problem... because we ignore them in our game logic. All other security concerns are taken care of by similar methods. It's actually pretty easy.

--Morgul

dominic
« Reply #6 on: August 09, 2005, 02:40:56 pm »

> As Jorrit said, security is up to the game, not the engine. My project (a MMORPG) has to face some of the concerns you've raised. Basically, we simply only trust things that come across the network (from the server). 'Undefined behaviours' aren't a problem... because we ignore them in our game logic. All other security concerns are taken care of by similar methods. It's actually pretty easy.
>
> --Morgul
Well, I have continued my evaluation of the loader's source.  I'm not finished and I won't, but if you want some good piece of advice, DON'T load any XML file that comes from an untrusted source using the Crystal Space XML plugins (be it tinyXML or the other one I forgot the name of).

-- greetings

res
« Reply #7 on: August 15, 2005, 03:25:24 pm »

> Well, I have continued my evaluation of the loader's source.  I'm not finished and I won't, but if you want some good piece of advice, DON'T load any XML file that comes from an untrusted source using the Crystal Space XML plugins (be it tinyXML or the other one I forgot the name of).

Of course, feel free to inform us about the issues you find.
Still, CS doesn't have concepts of "trust" - if such a thing is desired, it's really up to the application to check that a data source is legit.

dominic
« Reply #8 on: August 15, 2005, 08:56:59 pm »

> Of course, feel free to inform us about the issues you find.
> Still, CS doesn't have concepts of "trust" - if such a thing is desired, it's really up to the application to check that a data source is legit.
Who shall I contact about this?  Or should I simply state these issues here (I'm not sure it would be wise)?

jorrit
« Reply #9 on: August 15, 2005, 09:05:32 pm »

>> Of course, feel free to inform us about the issues you find.
>> Still, CS doesn't have concepts of "trust" - if such a thing is desired, it's really up to the application to check that a data source is legit.
> Who shall I contact about this?  Or should I simply state these issues here (I'm not sure it would be wise)?

Why not? CS is Open Source. Anyone can find these issues. I'd rather be open about them.

Greetings,

res
« Reply #10 on: August 15, 2005, 09:06:47 pm »

> Who shall I contact about this?  Or should I simply state these issues here (I'm not sure it would be wise)?

I don't think publishing the issues would lead to a sudden flood of exploits targeting CS, so any communication facility (be it this forum, or be it the mailing list) is probably okay.
If it makes you more comfortable, just mail the info to me and/or Jorrit and/or any other CS dev.

dominic
« Reply #11 on: August 20, 2005, 08:33:05 pm »

I have made a patch for the vulnerabilities I have found.  I don't guarantee it will work, I haven't tested it, but it is very simple, so if something is wrong with them, you won't have much problem solving it.  I made it against the most recent CVS version of the affected files.  I haven't posted it on the SourceForge page yet, because I haven't tested it.
My very first patch for someone else's code.  :)

Greetings

* csxmlpatch.txt (3.37 KB - downloaded 229 times.)

jorrit
« Reply #12 on: August 20, 2005, 08:35:30 pm »

> I have made a patch for the vulnerabilities I have found.  I don't guarantee it will work, I haven't tested it, but it is very simple, so if something is wrong with them, you won't have much problem solving it.  I made it against the most recent CVS version of the affected files.  I haven't posted it on the SourceForge page yet, because I haven't tested it.
> My very first patch for someone else's code.  :)
>
> Greetings

At first glance that patch looks ok. If I find a little time I'll try to submit it. Please if this hasn't been done in a few days from now then remind me by replying to this thread (I'll get a mail then).

Greetings,

dominic
« Reply #13 on: August 20, 2005, 08:39:09 pm »

Ok, thanks

res
« Reply #14 on: August 20, 2005, 09:24:47 pm »

> At first glance that patch looks ok. If I find a little time I'll try to submit it.

I've fixed the issues in the patch, though differently; I just used csStrings instead of char arrays.
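
The kind of fix described in the last reply (a growable string in place of a fixed char array), as an added C++ example that is not part of the thread and is neither Crystal Space code nor the posted patch. `format_message` and `format_bounded` are hypothetical helpers, `std::string` stands in for csString, and the sample token is constructed.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical helper (not a Crystal Space API): format a printf-style
// message into a string that grows to fit, so a length chosen by the
// file's author can never exceed a fixed buffer.
std::string format_message(const char* fmt, ...) {
    va_list args;
    va_start(args, fmt);
    va_list measure;
    va_copy(measure, args);
    // Pass 1: a null buffer of size 0 only reports the required length.
    int needed = std::vsnprintf(nullptr, 0, fmt, measure);
    va_end(measure);
    std::string out;
    if (needed > 0) {
        out.resize(static_cast<std::size_t>(needed) + 1);  // room for '\0'
        std::vsnprintf(&out[0], out.size(), fmt, args);    // pass 2: write
        out.resize(static_cast<std::size_t>(needed));      // drop the '\0'
    }
    va_end(args);
    return out;
}

// Bounded variant for callers that must keep a fixed char array: the write
// is capped at `cap` bytes and truncation is reported instead of ignored.
bool format_bounded(char* buf, std::size_t cap, const char* fmt, ...) {
    if (cap == 0) return false;
    va_list args;
    va_start(args, fmt);
    int n = std::vsnprintf(buf, cap, fmt, args);
    va_end(args);
    return n >= 0 && static_cast<std::size_t>(n) < cap;  // false if truncated
}

int main() {
    // Constructed input: a token far longer than a typical fixed-size
    // message buffer, as a map file from an untrusted source could supply.
    std::string name(1000, 'A');
    std::string msg = format_message("Unknown token <%s> in map", name.c_str());
    char fixed[256];
    bool whole = format_bounded(fixed, sizeof fixed, "Unknown token <%s>", name.c_str());
    std::printf("%zu bytes formatted, fixed buffer complete: %s\n",
                msg.size(), whole ? "yes" : "no");
    return 0;
}
```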