Client-sided modding: Good or bad?

Do you think client-sided modding is a good feature in Minetest?

Yes: 54 votes (73%)
No: 13 votes (18%)
I don't know or I don't care: 7 votes (9%)

Total votes: 74

burli
Member
Posts: 1643
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Post

Linuxdirk wrote: It is. As I was told client-side mods can see anything that the client can already see. And since the client can see all ores client-side mods can see them, too.
Yeah, that is ok. But I can't believe that players can install a client side mod at the client. They should be downloaded from the server

Byakuren
Member
Posts: 818
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri
In-game: Raymoo + Clownpiece

Re: Client-sided modding: Good or bad?

by Byakuren » Post

bell07 wrote:
I don't see any issue with gameplay-relevant client<->server messaging since players can already send bad formspec submissions
A client<->server / mod<->mod messaging presupposes that a mod on the server side provides an additional sender/receiver. Such a sender/receiver is always an additional risk, like an open TCP port.
Most mods are not under the control of minetest_mods or minetest_game and do not follow any security guidelines (not needed before). But if I provide an eye-catcher mod with an unsecured message channel, any server owner installs a backdoor by installing such a mod. I think many people look only at the screenshots but not at the code before installing a mod. Of course such an issue will be reported and fixed soon, but the area for possible attacks will grow with each additional mod that provides a sender/receiver on the server side.
Why is mod messaging worse than formspecs? In both cases, the server receives some (possibly forged and invalid) strings from the client, and mod code needs to interpret these strings. Why is the text in a mod channel more dangerous than the text from a text field from a formspec?

I'm also skeptical of any attacks that could ruin anything outside of the game or provide a real backdoor, unless the mod calls loadstring on parts of the message from an insecure environment (or with mod trust turned off). This is a very rare case and I have only seen it used for mods that are explicitly lua interpreters, in which case they already do sandboxing.

Could you please:
A) Demonstrate that mod message channels are significantly more dangerous than formspecs
B) Separately, give an example of an exploit enabled by message channels (or formspecs) that does not rely on the server-side mod using loadstring or similar functions, and which could cause lasting undesired behavior outside of minetest. This exploit should still work with mod security turned on (otherwise the solution is just for Minetest to require mod security in order to use mod channels).

For A, there's the case where minetest.deserialize can run functions if they are in the serialized data, but I hardly think that's a fatal security flaw, since minetest.parse_json and minetest.write_json could be used instead (and have warnings to use them plastered over the mod channels API). With mod security turned on (and assuming the server has not imported into the global environment a package that can be used to set up a server to listen for commands), it's not something that could create a backdoor, either. minetest.deserialize isn't as big of a problem for formspecs because it's unlikely that a mod will try to interpret player formspec input as serialized data.

EDIT: I like the idea of client mods sent by the server, but I don't like that clients can enable their own client mods (which is the only kind of client mod currently supported). Yes, a cheater could compile a modified client, but I think having client mods loaded from the client makes the barrier to cheating too low, compared to if the player had to recompile Minetest with cheats or seek out a modified build from someone else.
Every time a mod API is left undocumented, a koala dies.
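
The point argued in the post above, that formspec fields and mod channel text are the same kind of untrusted string and should be strictly validated and decoded with minetest.parse_json rather than minetest.deserialize or loadstring, as an added example that is not part of the original post or of any real mod. The mod name example_shop, its field names and its price list are hypothetical; run under plain Lua, the block checks its validator against constructed inputs.

```lua
-- Added example. "example_shop", its field names and price list are hypothetical.
local MAX_LEN = 64
local PRICES = { ["default:apple"] = 2, ["default:torch"] = 1 } -- item allowlist
local EXPECTED = { item = true, count = true }

-- Validate a table of strings that originated on a client. Formspec fields and a
-- decoded mod channel message get the same treatment. Returns order or nil, reason.
local function validate_order(fields)
    if type(fields) ~= "table" then return nil, "not a table" end
    for key, value in pairs(fields) do
        if not EXPECTED[key] then return nil, "unexpected field" end
        if type(value) ~= "string" or #value > MAX_LEN then
            return nil, "bad value type or length"
        end
    end
    local price = fields.item and PRICES[fields.item]
    if not price then return nil, "item not on the allowlist" end
    -- One or two decimal digits only: rejects "-1", "1e9", "nan", "0x10", " 5".
    if not (fields.count and fields.count:match("^%d%d?$")) then
        return nil, "malformed count"
    end
    local count = tonumber(fields.count)
    if count < 1 then return nil, "count out of range" end
    return { item = fields.item, count = count, cost = count * price }
end

if minetest then
    local function handle(player_name, source, fields)
        local order, reason = validate_order(fields)
        if order then
            minetest.log("action", ("example_shop: %s orders %d x %s via %s")
                :format(player_name, order.count, order.item, source))
        else
            minetest.log("warning", ("example_shop: rejected %s input from %s: %s")
                :format(source, player_name, reason))
        end
    end
    minetest.register_on_player_receive_fields(function(player, formname, fields)
        if formname ~= "example_shop:buy" or not fields.buy then return end
        -- Copy out only the fields this form defines; ignore anything extra.
        handle(player:get_player_name(), "formspec",
            { item = fields.item, count = fields.count })
        return true
    end)
    minetest.mod_channel_join("example_shop")
    minetest.register_on_modchannel_message(function(channel, sender, message)
        -- An empty sender means the message came from a server-side mod.
        if channel ~= "example_shop" or sender == "" or #message > 256 then return end
        -- parse_json only builds data; minetest.deserialize loads its input as Lua code.
        handle(sender, "mod channel", minetest.parse_json(message))
    end)
else
    -- Plain Lua: check the validator against constructed inputs.
    assert(validate_order({ item = "default:apple", count = "3" }).cost == 6)
    for _, bad in ipairs({
        { item = "default:apple", count = "1e9" },
        { item = "default:mese", count = "1" },
        { item = "default:apple", count = "0" },
        { item = "default:apple", count = "1", run = "os.exit()" },
    }) do
        assert(validate_order(bad) == nil)
    end
end
```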

Linuxdirk
Member
Posts: 3218
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: Client-sided modding: Good or bad?

by Linuxdirk » Post

Byakuren wrote:Yes, a cheater could compile a modified client, but I think having client mods loaded from the client makes the barrier to cheating too low, compared to if the player had to recompile Minetest with cheats or seek out a modified build from someone else.
Yes, exactly THIS is an issue here. OF COURSE it is possible to modify the code and create a "hacked client" that allows a lot of shit on servers even when the user account does not have the sufficient permissions.

But since I started playing Minetest a few years ago there was exactly ONE client that was built with cheating in mind. But the mod releases sub-forum contains 868 topics (mods). With CSM cheating becomes one of the easiest things possible in Minetest. No need to "hack", no need to recompile with changed code, no need to use exploits, simply use a few lines of documented API calls in an officially supported client-side mod.

bell07
Member
Posts: 604
Joined: Sun Sep 04, 2016 15:15
GitHub: bell07

Re: Client-sided modding: Good or bad?

by bell07 » Post

Byakuren wrote:Could you please:
A) Demonstrate that mod message channels are significantly more dangerous than formspecs
B) Separately, give an example of an exploit enabled by message channels (or formspecs) that does not rely on the server-side mod using loadstring or similar functions, and
A) No, it is not more dangerous than formspecs, it is equally dangerous. The point is that each message channel is an additional danger on top of the formspec danger.

B) No, I cannot demonstrate anything because message channels aren't implemented currently (https://github.com/minetest/minetest/issues/5390). I like the idea; the real potential of CSM is given only if a mod2mod message bus exists. Without it, it will be hard to follow the client-server concept in modding. And I like to talk about it before it is implemented.

The formspec is currently implemented in the way you propose for the client mods. The server creates the formspec and sends it to the client. Of course the client can modify the formspec, but usually it is used as is and sends data back as expected.
Client-side installable mods additionally get the compatibility issue between the client and server. To stay with the formspec example: if formspecs could be installed client-side, the situation could happen that the client uses an old version of the formspec and sends data in the old way, but the server has the new one, or vice versa.

+1 the CSM mods should follow the existing formspec strategy and be downloaded from the server and not be installable directly (like JS on the web)

But on the other side, client-installable mods could be useful for "Enhanced texturepacks" or something like that. But such mods should send nothing to the server.

EDIT: Previously it was from the server's point of view, but I am unsure if I am happy as a player if unknown Lua code is automatically downloaded from the server and executed on my client during connection. So -1 and I am back to +/-0

Nyarg
Member
Posts: 276
Joined: Sun May 15, 2016 04:32

Re: Client-sided modding: Good or bad?

by Nyarg » Post

red-001 wrote:send the surface nodes is possible but you have to ask yourself is the extra load on the server .
Ok then another way - server send only ore location in sphere radius of player location.
red-001 wrote:Anyway since you asked for a full list of cheats possible in minetest in general, here is one:
red-001 wrote:fast & fly
Seems unreachable at first glance. Really, how server may detect player fly if player's hacked client send permanent walkGround position till player suspiciously fly around with 500 or more look distance.
red-001 wrote:xray & noclip & wireframe
Useless in most cases till ore locations send by server.
Separate mapgen code in 2 part
1 mapgen without ore producing formula - client and server
2 ore gen part - only server - oops client don't calculate any data for ore

Yes, double a mapgen code to serverside is a cost for CSM improving.
But, MT low cost computation is target more on client so server may be load tiny more than client.
At end, when MT run as 'singleplayer' most anticheat logic in server part will off and don't decrease MT performance.
red-001 wrote:drowning/lava damage
it's sad but server must control changing world by fluids because all players must see same environment.
it's good because HP etc in this case controlled by server.
red-001 wrote:fall damage
For server it seems as insideCalculatedTransaction - server immediately know result of fall and without waiting send it client, but if player for example used alpenstock success inside transaction branch then current transaction will rollback and new transaction rise.
red-001 wrote:full bright
Not so useful for cheaters than ore detection
I am a noob. still yet. Not so noob ) [vml] WIP and a little proof for fun PlantedTorch )))
MT Strike 78a36b468554d101e0be3b0d1f587a555f396452 Great! Somebody have found it )
"My english isn't well" I know. I'm sorry )

Hybrid Dog
Member
Posts: 2828
Joined: Thu Nov 01, 2012 12:46
GitHub: HybridDog

by Hybrid Dog » Post

There's no benefit for cheaters. When editing source code you can do a lot more, whereas when using CSM, you have to be aware of how minetest works (see source code).

TumeniNodes
Member
Posts: 2941
Joined: Fri Feb 26, 2016 19:49
GitHub: TumeniNodes
IRC: tumeninodes
In-game: TumeniNodes
Location: in the dark recesses of the mind

Re: Client-sided modding: Good or bad?

by TumeniNodes » Post

Client side modding is something people have been asking for, for quite some time now... and now that it is a "thing" people are concerned... :P

I can definitely understand people's confusion, in regards to a lack of full instructions but, it is still a new feature.
There are just not enough devs to focus on detailed wiki info... so they just add the basics.

If someone were to be able to offer to put the time into available info that would be great.
But it would need to be someone who understands it, (which is hard right now because it is new and will have bugs to be worked out), and there is potential which no one has yet exploited / explored.

It would be even better if a new, small team could be put together which focuses on csm, as a separate dev team, so that the current devs can continue focusing on the work they do.
Breaking to focus on all the info, would stall them from work they are currently doing...

This would be the procedure, in a commercially developed software.
New people would be hired and a new team assembled to focus on such a big, new, additional feature, so that everything else could remain on-task..., and keep running smoothly with no hiccups.

But all of this comes down to there being enough people who are
#1 - able and acknowledged by the existing dev teams,
and #2 - willing to commit some of their time to the work involved.

That's how all this stuff works.

Any takers? I know I'm not qualified..., I'm just an artist, and I don't even understand half of what I do when making basic/simple mods :D
A Wonderful World

rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom

Re: Client-sided modding: Good or bad?

by rubenwardy » Post

Linuxdirk wrote:exactly ONE client that was built with cheating in mind
There's been way more than this. Loads of people have made them, including me after being told that it was possible whilst playing a server in 2012... Cheat clients were a big problem in ctf, there was one at least once a week.

Currently all CSM allows you to cheat with is node detection, but this can be prevented by limiting the use of get_node. This is also hardly a problem, as finding ores isn't that hard with proper mining techniques. The only thing it would be useful for is not missing nyancats, which are so rare anyway
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

Byakuren
Member
Posts: 818
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri
In-game: Raymoo + Clownpiece

Re:

by Byakuren » Post

Hybrid Dog wrote:There's no benefit for cheaters. When editing source code you can do a lot more, whereas when using CSM, you have to be aware of how minetest works (see source code).
The benefit is that you don't need to build or know how to build minetest from source. You still need to know how minetest works if you are editing the source code, anyway. This benefit is more pronounced on mobile, where users are less likely to be able to build and deploy their custom Minetest on their phone, and where it is harder for people distributing cheat-enabled clients to publish them.
Every time a mod API is left undocumented, a koala dies.

Hybrid Dog
Member
Posts: 2828
Joined: Thu Nov 01, 2012 12:46
GitHub: HybridDog

by Hybrid Dog » Post

Playing mobile is too inconvenient, don't do it. Cheats don't help you with the most important thing: building and digging individually.
rubenwardy, there is no nyancat

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Client-sided modding: Good or bad?

by Lejo » Post

It would be nice, but only if the server can allow or disallow mods.

Linuxdirk
Member
Posts: 3218
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: Client-sided modding: Good or bad?

by Linuxdirk » Post

All of this would not be a big deal if there was a server flag disabling the use of CSM when connected to the server.

Honest players can't cheat anymore and server owners do not worry about CSM anymore. Dishonest players will still be an issue, but then cheating will be more than copying a folder into another folder for them.

burli
Member
Posts: 1643
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Post

Linuxdirk wrote:All of this would not be a big deal if there was a server flag disabling the use of CSM when connected to the server.

Honest players can't cheat anymore and server owners do not worry about CSM anymore. Dishonest players will still be an issue, but then cheating will be more than copying a folder into another folder for them.
And then you hack the client to disable the function to disable csm

kaadmy
Member
Posts: 706
Joined: Thu Aug 27, 2015 23:07
GitHub: kaadmy
IRC: KaadmY
In-game: KaadmY kaadmy NeD

Re: Client-sided modding: Good or bad?

by kaadmy » Post

burli wrote:
Linuxdirk wrote:All of this would not be a big deal if there was a server flag disabling the use of CSM when connected to the server.

Honest players can't cheat anymore and server owners do not worry about CSM anymore. Dishonest players will still be an issue, but then cheating will be more than copying a folder into another folder for them.
And then you hack the client to disable the function to disable csm
Then you could hack the server to hack the client to disable the disability to ignore csm
Never paint white stripes on roads near Zebra crossings.

Pixture

burli
Member
Posts: 1643
Joined: Fri Apr 10, 2015 13:18

Re: Client-sided modding: Good or bad?

by burli » Post

The server doesn't know if there is a script running on the client or not. For example oredetect. This runs completely on the client without any notification to the server. No chance to block that.

Perfect for cheaters. I tried it on a server. I found enough diamonds for a full armor and tool set. I don't use them. Was just a test. Maybe I will place them in a loot chest for the first one who finds it

Linuxdirk
Member
Posts: 3218
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: Client-sided modding: Good or bad?

by Linuxdirk » Post

burli wrote:And then you hack the client to disable the function to disable csm
If you can hack the client you don't need CSM.

burli wrote:The server doesn't know if there is a script running on the client or not. For example oredetect. This runs completely on the client without any notification to the server. No chance to block that.
The client sends a flag "please do not enable CSM for this session" and the client respects that flag and disables CSM for the session.

If this were about online advertising I'd not talk about AdBlock here, I'd talk about the do-not-track-header.

rendeko
New member
Posts: 8
Joined: Sun May 07, 2017 20:53

Re: Client-sided modding: Good or bad?

by rendeko » Post

Supporting client side modding is good, since it'll happen anyway. Things like xray mods will exist, but the solution should be mods for servers that don't load ores until players are close, mods that check that player movement is within reason, things like that.

The ability to have server side mods makes most of CSM useless, since you can give players things like minimaps without telling them they need to go download a mod themselves. But not all players are going to want those mods, and some servers might not bundle it but not mind if someone uses it. Some people might like custom HUDs, and that should be their choice as long as the server is enforcing the standard inventory limits.

All that being said, almost everything about minetest would have to be server side so the players can't use mods to cheat like changing how much damage they receive.

Glory!
Member
Posts: 92
Joined: Thu Apr 30, 2015 17:45
GitHub: Glory7000
In-game: Glory7000
Location: Kernel Debugging Land <3

Re: Client-sided modding: Good or bad?

by Glory! » Post

My only arguments are ambiance_sounds, weather_effects, formspec_editor and chat_log.
Behold the Razgriz, its wings of black sheath. :: My skin A competitor that unfortunately needs attention to stay afloat.

Wuzzy
Member
Posts: 4786
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: Client-sided modding: Good or bad?

by Wuzzy » Post

Regarding ambient sounds: Wouldn't it make more sense to provide a powerful ambient sound API?

Regarding chat log: Sounds like a core feature to me.

Grandolf
Member
Posts: 41
Joined: Sun Mar 26, 2017 23:23
GitHub: Grandolf
IRC: Grandolf
In-game: Grandolf
Location: USA

Re: Client-sided modding: Good or bad?

by Grandolf » Post

If there was some way for servers to detect the client side mods their players were using I would be about 80% for client based mods, however, it's not like that. Client based mods have already been added, so I'm a bit late in saying this, but it's only just catching. Also could the core devs please add something to the minetest engine that lets admins see what client based mods people are using? Here's an example of why: viewtopic.php?t=17046 there are going to be many more to come.
My server, Metropolis viewtopic.php?f=10&t=19191

Byakuren
Member
Posts: 818
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri
In-game: Raymoo + Clownpiece

Re: Client-sided modding: Good or bad?

by Byakuren » Post

Grandolf wrote:If there was some way for servers to detect the client side mods their players were using I would be about 80% for client based mods, however, it's not like that. Client based mods have already been added, so I'm a bit late in saying this, but it's only just catching. Also could the core devs please add something to the minetest engine that lets admins see what client based mods people are using? Here's an example of why: viewtopic.php?t=17046 there are going to be many more to come.
Savvy cheaters will just rename the mod to evade detection. Even unsavvy cheaters might do it if the mod instructs them to change the name to something that looks benign.
Every time a mod API is left undocumented, a koala dies.

crazyR
Member
Posts: 60
Joined: Thu Jun 19, 2014 14:41
Location: uk

Re: Client-sided modding: Good or bad?

by crazyR » Post

I'm entirely amazed and amused by the fact that there is actually a debate about the possibility to hack the client with CSM.

Let's be real. We are talking about an open source software and granted CSM may or may not make it easier for people to hack their clients.... but let's be honest. ANYONE that wants to cheat will do it, one way or another they will find a way.

Blocking or trying to block features through fear of something that can and does already happen anyway is ludicrous.

imo

Linuxdirk
Member
Posts: 3218
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: Client-sided modding: Good or bad?

by Linuxdirk » Post

crazyR wrote:I'm entirely amazed and amused by the fact that there is actually a debate about the possibility to hack the client with CSM.
Because copying a folder into another folder is the exact same thing as downloading the source, modifying the C++ code, and compiling the modified source into a modified client, right?

crazyR
Member
Posts: 60
Joined: Thu Jun 19, 2014 14:41
Location: uk

Re: Client-sided modding: Good or bad?

by crazyR » Post

You have heard of the internet, right? The information to learn how to do pretty much anything you want is right at your fingertips.

I'll repeat what I said before, anybody that wants to cheat WILL find a way. Making it harder to cheat is something that every game developer has tried for years and has never worked. Even for closed source games.

Linuxdirk
Member
Posts: 3218
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany

Re: Client-sided modding: Good or bad?

by Linuxdirk » Post

crazyR wrote:Making it harder to cheat is something that every game developer has tried for years ...
And MT developers deliberately made it EASIER to cheat.
