Yeah, that is ok. But I can't believe that players can install a client side mod at the client. They should be downloaded from the server
Linuxdirk wrote: It is. As I was told client-side mods can see anything that the client can already see. And since the client can see all ores client-side mods can see them, too.
Client-sided modding: Good or bad?
Re: Client-sided modding: Good or bad?
-
- Member
- Posts: 818
- Joined: Tue Apr 14, 2015 01:59
- GitHub: raymoo
- IRC: Hijiri
- In-game: Raymoo + Clownpiece
Re: Client-sided modding: Good or bad?
Why is mod messaging worse than formspecs? In both cases, the server receives some (possibly forged and invalid) strings from the client, and mod code needs to interpret these strings. Why is the text in a mod channel more dangerous than the text from a text field from a formspec?
bell07 wrote: A client<->server / mod <-> mod messaging presupposes a mod at the server site provide an additional sender/receiver. Such sender/receiver is always an additional risk like an open TCP-port.
I don't see any issue with gameplay-relevant client<->server messaging since players can already send bad formspec submissions
The most mods are not under control of minetest_mods or minetest_game and do not follow any security guidelines (not needed before). But if I provide an eye-catcher mod with not secured message channel any server owner installs a backdoor by installing such mod. I think many people do look to screenshots only but not to the code before installing a mod. Of course such issue will be reported and fixed soon, but the area for possible attacks will grow with each additional mod that provides a sender/receiver server site.
I'm also skeptical of any attacks that could ruin anything outside of the game or provide a real backdoor, unless the mod calls loadstring on parts of the message from an insecure environment (or with mod trust turned off). This is a very rare case and I have only seen it used for mods that are explicitly lua interpreters, in which case they already do sandboxing.
Could you please:
A) Demonstrate that mod message channels are significantly more dangerous than formspecs
B) Separately, give an example of an exploit enabled by message channels (or formspecs) that does not rely on the server-side mod using loadstring or similar functions, and which could cause lasting undesired behavior outside of minetest. This exploit should still work with mod security turned on (otherwise the solution is just for Minetest to require mod security in order to use mod channels).
For A, there's the case where minetest.deserialize can run functions if they are in the serialized data, but I hardly think that's a fatal security flaw, since minetest.parse_json and minetest.write_json could be used instead (and have warnings to use them plastered over the mod channels API). With mod security turned on (and assuming the server has not imported into the global environment a package that can be used to set up a server to listen for commands), it's not something that could create a backdoor, either. minetest.deserialize isn't as big of a problem for formspecs because it's unlikely that a mod will try to interpret player formspec input as serialized data.
EDIT: I like the idea of client mods sent by the server, but I don't like that clients can enable their own client mods (which is the only kind of client mod currently supported). Yes, a cheater could compile a modified client, but I think having client mods loaded from the client makes the barrier to cheating too low, compared to if the player had to recompile Minetest with cheats or seek out a modified build from someone else.
Every time a mod API is left undocumented, a koala dies.
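Added example (not part of the post above and not code from Minetest or any mod named in this thread): a server-side mod channel receiver that handles the message the way the post argues formspec input is handled, decoding it with minetest.parse_json instead of minetest.deserialize and checking every field before acting on it. The channel name `shop_demo`, the message fields, the price table and the minetest_game item names are assumptions made for the illustration.

```lua
-- Hypothetical server-side mod: a client-side mod sends purchase requests
-- such as {"item":"default:torch","count":3} over a mod channel.
-- Everything in `message` is chosen by the client and may be forged.

local CHANNEL = "shop_demo"      -- hypothetical channel name
local MAX_MESSAGE_LEN = 256      -- reject oversized payloads before parsing
local MAX_COUNT = 10
local PRICES = {                 -- whitelist: only these items can be requested
    ["default:torch"] = 1,
    ["default:ladder_wood"] = 2,
}

-- Keep the channel object so the server stays joined and can reply.
local channel = minetest.mod_channel_join(CHANNEL)

-- Pure validation, no side effects: returns item, count or nil, reason.
local function validate_request(raw)
    if type(raw) ~= "string" or #raw > MAX_MESSAGE_LEN then
        return nil, "bad size"
    end
    -- parse_json only builds data. minetest.deserialize can run functions
    -- contained in the string, so it is never applied to client input.
    local req = minetest.parse_json(raw)
    if type(req) ~= "table" then
        return nil, "not a JSON object"
    end
    local item, count = req.item, req.count
    if type(item) ~= "string" or PRICES[item] == nil then
        return nil, "unknown item"
    end
    -- Reject non-numbers, fractions and out-of-range values.
    if type(count) ~= "number" or count % 1 ~= 0
            or count < 1 or count > MAX_COUNT then
        return nil, "bad count"
    end
    return item, count
end

minetest.register_on_modchannel_message(function(channel_name, sender, message)
    if channel_name ~= CHANNEL then return end
    if sender == "" then return end  -- empty sender: message from a server mod
    local player = minetest.get_player_by_name(sender)
    if not player then return end

    local item, detail = validate_request(message)
    if not item then
        -- Log the reason only, never the raw client string.
        minetest.log("warning", "[shop_demo] rejected message from "
            .. sender .. ": " .. detail)
        return
    end
    local count = detail

    -- What the player may do is decided from server state, not the message.
    local inv = player:get_inventory()
    local cost = ItemStack("default:gold_ingot " .. (PRICES[item] * count))
    local goods = ItemStack(item .. " " .. count)
    local ok = inv:contains_item("main", cost)
        and inv:room_for_item("main", goods)
    if ok then
        inv:remove_item("main", cost)
        inv:add_item("main", goods)
    end
    -- write_json for the reply as well; clients filter on the "to" field.
    channel:send_all(minetest.write_json({ok = ok, to = sender}))
end)
```

Nothing in the handler passes client text to loadstring, minetest.deserialize or a file path, so a forged message can at worst be rejected or buy a whitelisted item the player can pay for.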
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Client-sided modding: Good or bad?
Yes, exactly THIS is an issue here. OF COURSE it is possible to modify the code and create a "hacked client" that allows a lot of shit on servers even when the user account does not have the sufficient permissions.
Byakuren wrote: Yes, a cheater could compile a modified client, but I think having client mods loaded from the client makes the barrier to cheating too low, compared to if the player had to recompile Minetest with cheats or seek out a modified build from someone else.
But since I started playing Minetest a few years ago there was exactly ONE client that was built with cheating in mind. But the mod releases sub-forum contains 868 topics (mods). With CSM cheating becomes one of the easiest things possible in Minetest. No need to "hack", no need to recompile with changed code, no need to use exploits, simply use a few lines of documented API calls in an officially supported client-side mod.
Re: Client-sided modding: Good or bad?
A) No, it is not more dangerous than formspecs, it is equally dangerous. The point is each message channel is additional danger on top of the formspecs danger.
Byakuren wrote: Could you please:
A) Demonstrate that mod message channels are significantly more dangerous than formspecs
B) Separately, give an example of an exploit enabled by message channels (or formspecs) that does not rely on the server-side mod using loadstring or similar functions, and
B) No I cannot demonstrate anything because message channels aren't implemented currently (https://github.com/minetest/minetest/issues/5390). I like the idea, the real potential of CSM is given only if mod2mod message bus exists. Without them it will be hard to follow the client-server concept in modding. And I like to talk about it before it is implemented.
The formspec is currently implemented in the way as you propose for the client-mods. The server creates the formspec and sends it to the client. Of course the client can modify the formspec, but usually it is used as is and sends data back as expected.
Client-site installable mods get in addition the compatibility issue between the client and server. To stay with the formspec example: If formspecs could be installed client-site the situation can happen that the client uses an old version of formspec and sends data in the old way, but the server does have the new one or vice-versa.
+1 the CSM mods should follow the existing formspec strategy and be downloaded from server and not installable directly (like JS in web)
But at the other site client-installable mods could be useful for "Enhanced texturepacks" or something like, But such mods should send nothing to the server.
EDIT: Previous it was from server point of view, but I am unsure if I am happy as player if unknown lua code is automatically downloaded from server and executed on my client during connection. So -1 and I am back to +/-0
Re: Client-sided modding: Good or bad?
Ok then another way - server send only ore location in sphere radius of player location.
red-001 wrote: send the surface nodes is possible but you have to ask yourself is the extra load on the server.
red-001 wrote: Anyway since you asked for a full list of cheats possible in minetest in general, here is one:
Seems unreachable at first glance. Really, how server may detect player fly if player's hacked client send permanent walkGround position till player suspiciously fly around with 500 or more look distance.
red-001 wrote: fast & fly
Useless in most case till ore locations send by server.
red-001 wrote: xray & noclip & wireframe
Separate mapgen code in 2 part
1 mapgen without ore producing formula - client and server
2 ore gen part - only server - oops client don't calculate any data for ore
Yes, double a mapgen code to serverside is a cost for CSM improving.
But, MT low cost computation is target more on client so server may be load tiny more than client.
At end, when MT run as 'singleplayer' most anticheat logic in server part will off and don't decrease MT performance.
it's sad but server must control changing world by fluids because all players must see same environment.
red-001 wrote: drowning/lava damage
it's good because HP etc in this case controlled by server.
For server it seems as insideCalculatedTransaction - server immediately know result of fall and without waiting send it client, but If player for example used alpenstock success inside transaction branch then current transaction will rollback and new transaction rise.
red-001 wrote: fall damage
Not so useful for cheaters than ore detection
red-001 wrote: full bright
I am a noob. still yet. Not so noob ) [vml] WIP and a little proof for fun PlantedTorch )))
MT Strike 78a36b468554d101e0be3b0d1f587a555f396452 Great! Somebody have found it )
"My english isn't well" I know. I'm sorry )
- Hybrid Dog
- Member
- Posts: 2828
- Joined: Thu Nov 01, 2012 12:46
- GitHub: HybridDog
- TumeniNodes
- Member
- Posts: 2941
- Joined: Fri Feb 26, 2016 19:49
- GitHub: TumeniNodes
- IRC: tumeninodes
- In-game: TumeniNodes
- Location: in the dark recesses of the mind
- Contact:
Re: Client-sided modding: Good or bad?
Client side modding is something people have been asking for, for quite some time now... and now that it is a "thing" people are concerned... :P
I can definitely understand people's confusion, in regards to a lack of full instructions but, it is still a new feature.
There are just not enough devs to focus on detailed wiki info... so they just add the basics.
If someone were to be able to offer to put the time into available info that would be great.
But it would need to be someone who understands it, (which is hard right now because it is new and will have bugs to be worked out), and there is potential which no one has yet exploited / explored.
It would be even better if a new, small team could be put together which focuses on csm, as a separate dev team, so that the current devs can continue focusing on the work they do.
Breaking to focus on all the info, would stall them from work they are currently doing...
This would be the procedure, in a commercially developed software.
New people would be hired and a new team assembled to focus on such a big, new, additional feature, so that everything else could remain on-task..., and keep running smoothly with no hiccups.
But all of this comes down to there being enough people who are
#1 - able and acknowledged by the existing dev teams,
and #2 - willing to commit some of their time to the work involved.
That's how all this stuff works.
Any takers? I know I'm not qualified..., I'm just an artist, and I don't even understand half of what I do when making basic/simple mods :D
A Wonderful World
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Client-sided modding: Good or bad?
There's been way more than this. Loads of people have made them, including me after being told that it was possible whilst playing a server in 2012... Cheat clients was a big problem in ctf, there was one at least once a week.
Linuxdirk wrote: exactly ONE client that was built with cheating in mind
Currently all CSM allows you to cheat with is node detection, but this can be prevented by limiting the use of get_node. This is also hardly a problem, as finding ores isn't that hard with proper mining techniques. The only thing it would be useful for is not missing nyancats, which are so rare anyway
-
- Member
- Posts: 818
- Joined: Tue Apr 14, 2015 01:59
- GitHub: raymoo
- IRC: Hijiri
- In-game: Raymoo + Clownpiece
Re:
The benefit is that you don't need to build or know how to build minetest from source. You still need to know how minetest works if you are editing the source code, anyway. This benefit is more pronounced on mobile, where users are less likely to be able to build and deploy their custom Minetest on their phone, and where it is harder for people distributing cheat-enabled clients to publish them.
Hybrid Dog wrote: There's no benefit for cheaters. When editing source code you can do a lot more, whereas when using CSM, you have to be aware of how minetest works (see source code).
Every time a mod API is left undocumented, a koala dies.
- Hybrid Dog
- Member
- Posts: 2828
- Joined: Thu Nov 01, 2012 12:46
- GitHub: HybridDog
Re: Client-sided modding: Good or bad?
It would be nice, but only if the server can allow or disallow mods.
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Client-sided modding: Good or bad?
All of this would not be a big deal if there was a server flag disabling the use of CSM when connected to the server.
Honest players can't cheat anymore and server owners do not worry about CSM anymore. Dishonest players will still be an issue, but then cheating will be more than copying a folder into another folder for them.
Re: Client-sided modding: Good or bad?
And then you hack the client to disable the function to disable csm
Linuxdirk wrote: All of this would not be a big deal if there was a server flag disabling the use of CSM when connected to the server.
Honest players can't cheat anymore and server owners do not worry about CSM anymore. Dishonest players will still be an issue, but then cheating will be more than copying a folder into another folder for them.
- kaadmy
- Member
- Posts: 706
- Joined: Thu Aug 27, 2015 23:07
- GitHub: kaadmy
- IRC: KaadmY
- In-game: KaadmY kaadmy NeD
Re: Client-sided modding: Good or bad?
Then you could hack the server to hack the client to disable the disability to ignore csm
burli wrote: And then you hack the client to disable the function to disable csm
Linuxdirk wrote: All of this would not be a big deal if there was a server flag disabling the use of CSM when connected to the server.
Honest players can't cheat anymore and server owners do not worry about CSM anymore. Dishonest players will still be an issue, but then cheating will be more than copying a folder into another folder for them.
Re: Client-sided modding: Good or bad?
The server doesn't know if there is a script running on the client or not. For example oredetect. This runs completely on the client without any notification to the server. No chance to block that.
Perfect for cheaters. I tried it on a server. I found enough diamonds for a full armor and tool set. I don't use them. Was just a test. Maybe I will place them in a loot chest for the first one who finds it
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Client-sided modding: Good or bad?
If you can hack the client you don't need CSM.
burli wrote: And then you hack the client to disable the function to disable csm
The client sends a flag "please do not enable CSM for this session" and the client respects that flag and disables CSM for the session.
burli wrote: The server doesn't know if there is a script running on the client or not. For example oredetect. This runs completely on the client without any notification to the server. No chance to block that.
If this were about online advertising I'd not talk about AdBlock here, I'd talk about the do-not-track-header.
Re: Client-sided modding: Good or bad?
Supporting client side modding is good, since it'll happen anyway. Things like xray mods will exist, but the solution should be mods for servers that don't load ores until players are close, mods that check that player movement is within reason, things like that.
The ability to have server side mods makes most of CSM useless, since you can give players things like minimaps without telling them they need to go download a mod themselves. But not all players are going to want those mods, and some servers might not bundle it but not mind if someone uses it. Some people might like custom HUDs, and that should be their choice as long as the server is enforcing the standard inventory limits.
All that being said, almost everything about minetest would have to be server side so the players can't use mods to cheat like changing how much damage they receive.
- Glory!
- Member
- Posts: 92
- Joined: Thu Apr 30, 2015 17:45
- GitHub: Glory7000
- In-game: Glory7000
- Location: Kernel Debugging Land <3
Re: Client-sided modding: Good or bad?
My only arguments are ambiance_sounds, weather_effects, formspec_editor and chat_log.
Behold the Razgriz, its wings of black sheath. :: My skin A competitor that unfortunately needs attention to stay afloat.
- Wuzzy
- Member
- Posts: 4786
- Joined: Mon Sep 24, 2012 15:01
- GitHub: Wuzzy2
- IRC: Wuzzy
- In-game: Wuzzy
- Contact:
Re: Client-sided modding: Good or bad?
Regarding ambient sounds: Wouldn't it make more sense to provide a powerful ambient sound API?
Regarding chat log: Sounds like a core feature to me.
-
- Member
- Posts: 41
- Joined: Sun Mar 26, 2017 23:23
- GitHub: Grandolf
- IRC: Grandolf
- In-game: Grandolf
- Location: USA
- Contact:
Re: Client-sided modding: Good or bad?
If there was some way for servers to detect the client side mods their players were using I would be about 80% for client based mods, however, it's not like that. Client based mods have already been added, so I'm a bit late in saying this, but it's only just catching. Also could the core devs please add something to the minetest engine that lets admins see what client based mods people are using? Here's an example of why: viewtopic.php?t=17046 there are going to be many more to come.
My server, Metropolis viewtopic.php?f=10&t=19191
-
- Member
- Posts: 818
- Joined: Tue Apr 14, 2015 01:59
- GitHub: raymoo
- IRC: Hijiri
- In-game: Raymoo + Clownpiece
Re: Client-sided modding: Good or bad?
Savvy cheaters will just rename the mod to evade detection. Even unsavvy cheaters might do it if the mod instructs them to change the name to something that looks benign.
Grandolf wrote: If there was some way for servers to detect the client side mods their players were using I would be about 80% for client based mods, however, it's not like that. Client based mods have already been added, so I'm a bit late in saying this, but it's only just catching. Also could the core devs please add something to the minetest engine that lets admins see what client based mods people are using? Here's an example of why: viewtopic.php?t=17046 there are going to be many more to come.
Every time a mod API is left undocumented, a koala dies.
Re: Client-sided modding: Good or bad?
I'm entirely amazed and amused by the fact that there is actually a debate about the possibility to hack the client with CSM.
Let's be real. We are talking about an open source software and granted CSM may or may not make it easier for people to hack their clients.... but let's be honest. ANYONE that wants to cheat will do it, one way or another they will find a way.
Blocking or trying to block features through fear of something that can and does already happen anyway is ludicrous.
imo
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Client-sided modding: Good or bad?
Because copying a folder into another folder is the exact same thing as downloading the source, modifying the C++ code, and compiling the modified source into a modified client, right?
crazyR wrote: I'm entirely amazed and amused by the fact that there is actually a debate about the possibility to hack the client with CSM.
Re: Client-sided modding: Good or bad?
You have heard of the internet, right? The information to learn how to do pretty much anything you want is right at your fingertips.
I'll repeat what I said before, anybody that wants to cheat WILL find a way. Making it harder to cheat is something that every game developer has tried for years and has never worked, even for closed source games.
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Client-sided modding: Good or bad?
And MT developers deliberately made it EASIER to cheat.
crazyR wrote: Making it harder to cheat is something that every game developer has tried for years ...