Securing formspec code (code examples)

User avatar
rubenwardy
Moderator
 
Posts: 5835
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: Securing formspec code (code examples)

by rubenwardy » Sun Sep 02, 2018 16:59

Given this kid had a remote execution vulnerability in his cheating tool, I'm not sure it's wise to trust him on security
 

User avatar
KGM
Member
 
Posts: 175
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Securing formspec code (code examples)

by KGM » Sun Sep 02, 2018 19:49

thx, ill fix that, now i know how you detect my tool.
any concerns about my suggestion here?!
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.
 

sofar
Developer
 
Posts: 2066
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Securing formspec code (code examples)

by sofar » Sun Sep 02, 2018 22:04

KGM wrote:Watch and learn instead of being rude.


This whole discussion thread isn't about protecting against a man-in-the-middle attack (MITM). It's about properly checking user input. Period. No discussion. Even with encryption, the client is still permitted to send formspec data to the server, and the encryption prevents nothing since the client is permitted to decrypt it.

Your whole """"""solution""""""" is stupid since it requires either a shared secret key (which is stupid, since it's open source, you dumbass) or, the random key is sent over the internet to the client, which allows any MITM to snoop the key. Again, you lose.

And again you're rude for going wildly off-topic. Why don't you open another one of your ranting threads instead?
 

User avatar
KGM
Member
 
Posts: 175
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Securing formspec code (code examples)

by KGM » Mon Sep 03, 2018 15:29

Your whole """"""example""""""" is stupid since the client needn't to decypher any bit of the data it returns.

It just gets a package wich is signed and encrypted, and returns it as is, and i don't see why one need a shared secret key, only the server needs to decrypt the data when it gets it back.

since the secret key is not shared, it can be generated on server startup.

since the key gets generated on server startup, it has no effect that it's open source.

try to understand before you criticize.

aldough i have to admit that my solution can be simplified.

you could just store a md5 for every package sent, and when you receive it back, you check if you have it's md5 stored.

if not, the package is invalid. if yes, you process the package and delete the md5, so it can't be reused.

too much text?

in short!

-the client must not modify the data in that stupid example, it must just pass it back, so the key is only known to the server, thus it's randomly generated on startup, so 0SS or not OSS makes no difference here. since the client does not know the key, he can't modify the package in a meaningful way.

-you can also verify that a package is not modified by storing an md5 sum before you send it. That is the easy way of solving this problem.

My name is Kai Gerd Müller, not dumbass!
Watch and learn instead of being rude .


Code: Select all


______________________________
\####################\        \
 \#########/\#########\        \
  \#######//\\#########\        \
          /  \
        ^^^^^^^^
         _________



When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.
 

sofar
Developer
 
Posts: 2066
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Securing formspec code (code examples)

by sofar » Tue Sep 04, 2018 17:06

KGM wrote:Your whole """"""example""""""" is stupid since the client needn't to decypher any bit of the data it returns.

It just gets a package wich is signed and encrypted, and returns it as is, and i don't see why one need a shared secret key, only the server needs to decrypt the data when it gets it back.

since the secret key is not shared, it can be generated on server startup.

since the key gets generated on server startup, it has no effect that it's open source.

try to understand before you criticize.


This thread is about securing formspec data. The client *must* be able to generate it himself. Formspec data contains things like "I wrote a random sign text in a form and pressed OK". Therefore, sending some secret bytes over the internet that need to be sent back directly does absolutely nothing for when the client needs to generate NEW packet bytes to tell the server that they modified an inventory.

-the client must not modify the data in that stupid example, it must just pass it back, so the key is only known to the server, thus it's randomly generated on startup, so 0SS or not OSS makes no difference here. since the client does not know the key, he can't modify the package in a meaningful way.


Sigh, this is just vulnerable to replay attacks.

-you can also verify that a package is not modified by storing an md5 sum before you send it. That is the easy way of solving this problem.


Again, this just begs for a replay attack.

And, still worse, you are still convinced that "YOUR MARVELLOUS IDEA" somehow is ON-TOPIC to this thread, which is the stupidest idea ever.

My name is Kai Gerd Müller, not dumbass!
Watch and learn instead of being rude .


YOU ARE BEING OFFTOPIC. I've told you this already, yet you are pandering your ideas irregardless.

Worst of all, you haven't ever made any significant contribution to the actual thread. You are just splashing snake oil cryptography as a counter measure to the user input security problem, which is the dumbest shit response ever. If this was a computer security class, you'd fail pretty hard. If you have some real security problem you think you have a great idea for, THEN OPEN A DIFFERENT FORUM THREAD.

And then, if you do open a worthwhile thread on something useful, I will provide my feedback on your ideas giving them all the benefit of the doubt and an honest review.

Until then, take your idea somewhere else until you can learn to remain on topic AND make sense. Heck, I'd settle for OR.
 

User avatar
KGM
Member
 
Posts: 175
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Securing formspec code (code examples)

by KGM » Tue Sep 04, 2018 17:35

>Again, this just begs for a replay attack.
REALLY?!
I said md5 gets "marked as invalid" after first message with this md5 got received, this makes replay attacks impossible.
YOUR EXAMPLE IS THE DUMBEST EXAMPLE EVER!
IT IS OFFTOPIC SINCE THE CLIENT MUST NOT MODIFY HIS DATA!
Also, i updated my solution so it fits to the more general problem NOT REPRESENTED BY THE EXAMPLE. :(
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.
 

User avatar
v-rob
Member
 
Posts: 684
Joined: Thu Mar 24, 2016 03:19
Location: Right behind you.
GitHub: v-rob

Re: Securing formspec code (code examples)

by v-rob » Wed Sep 05, 2018 01:12

Yikes. I think it's time for a bit of calming down. This topic is about writing secure formspec code with the current Minetest engine, not adding encryption to the Minetest engine. So yes, encrypting data is offtopic for this particular thread.

If that's not enough, read the forum rules and conditions: viewtopic.php?f=18&t=17151.

Forum Rules wrote:Moderators' decisions are final: Forum members are expected to heed requests from moderators. Moderators' decisions are final in the event of disagreement. You can get banned by not following instructions given to you by a moderator.


/////////////////////////////////////////////////////////

Back on topic, I noticed that you (sofar) said that you are fine with looking at formspec handling code. I hope you can do that for a mod I will probably release soon, once I get it to a complete enough state, since I am definitely not sure if it's secure. I can send you the link once I do.
 

sofar
Developer
 
Posts: 2066
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Securing formspec code (code examples)

by sofar » Wed Sep 05, 2018 04:10

v-rob wrote:I noticed that you (sofar) said that you are fine with looking at formspec handling code. I hope you can do that for a mod I will probably release soon, once I get it to a complete enough state, since I am definitely not sure if it's secure. I can send you the link once I do.


100% I still will do this, for anyone who asks me to. Either ping me on github or send me a PM, or, even better, post to this thread with code so it can be publicly discussed so that everyone learns from it. If you don't want it in this thread, I totally understand and respect that, but, just know that there are other, really smart (much smarter than me!) people that read the forums that know how to stay on topic and are fantastic code reviewers, and you should try and make as many people as you can review your code if you're serious about security.
 

User avatar
KGM
Member
 
Posts: 175
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Securing formspec code (code examples)

by KGM » Wed Sep 05, 2018 15:11

@v-rob : reducing my advices to encryption is not appreciated, especially since my final advice about ho to secure formspec code has nothing to do with encryption.
but i agree that encryption is off topic. (since it's not nececary, md5 is fine)
i will make a secure formspec mod using my idea.
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.
 

Byakuren
Member
 
Posts: 816
Joined: Tue Apr 14, 2015 01:59
GitHub: raymoo
IRC: Hijiri
In-game: Raymoo + Clownpiece

Re: Securing formspec code (code examples)

by Byakuren » Wed Sep 05, 2018 20:05

If you're going to store the MD5, why not just store the sensitive data instead? Then you don't need to mess about with the formspec name.
Every time a mod API is left undocumented, a koala dies.
 

sofar
Developer
 
Posts: 2066
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Securing formspec code (code examples)

by sofar » Wed Sep 05, 2018 22:48

Byakuren wrote:If you're going to store the MD5, why not just store the sensitive data instead? Then you don't need to mess about with the formspec name.


Please, don't do this. You're feeding a troll. That's like wrestling a pig in mud. And the pig likes it.
 

User avatar
v-rob
Member
 
Posts: 684
Joined: Thu Mar 24, 2016 03:19
Location: Right behind you.
GitHub: v-rob

Re: Securing formspec code (code examples)

by v-rob » Wed Sep 05, 2018 23:15

KGM wrote:@v-rob : reducing my advices to encryption is not appreciated, especially since my final advice about ho to secure formspec code has nothing to do with encryption.
but i agree that encryption is off topic. (since it's not nececary, md5 is fine)
i will make a secure formspec mod using my idea.


Sorry, I didn't read the whole thing. It's definitely not my area of expertise.
 

User avatar
KGM
Member
 
Posts: 175
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Securing formspec code (code examples)

by KGM » Thu Sep 06, 2018 15:00

its not mine too, but i know a few basics.
Also, concerning the original proposal, youre right, its quite shtty.
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.
 

User avatar
runs
Member
 
Posts: 800
Joined: Sat Oct 27, 2018 08:32
GitHub: runsy

Re: Securing formspec code (code examples)

by runs » Mon Dec 10, 2018 11:39

I have a formspec attached to a NPC (called with show_formspec). If the NPC die, I want the formspec close automatically. Is there a 'hide' or 'close' formspec order?
 

User avatar
Pyrollo
Member
 
Posts: 317
Joined: Mon Jan 08, 2018 15:14
Location: Paris
GitHub: pyrollo
In-game: Naj

Re: Securing formspec code (code examples)

by Pyrollo » Mon Dec 10, 2018 12:50

You just have to call show_formspec again with an empty string IIRC.
[ Display Modpack ] - [ Digiterms ] - [ Crater MG ] - [ LATE ]
 

User avatar
GreenDimond
Member
 
Posts: 1272
Joined: Wed Oct 28, 2015 01:26
Location: SCP-3008
GitHub: GreenXenith
IRC: GreenDimond
In-game: GreenDimond

Re: Securing formspec code (code examples)

by GreenDimond » Mon Dec 10, 2018 15:53

Pyrollo wrote:You just have to call show_formspec again with an empty string IIRC.

Or use the function meant for it minetest.close_formspec(playername, formname)
Y▹uTube | Mods | Patre●n | Twitter | Minetest Discord | GreenDimond#3232

Hey, you. You're finally awake.
You were trying to view their profile, right? Found the rest of their signature, same as us, and that guest over there.
 

User avatar
Pyrollo
Member
 
Posts: 317
Joined: Mon Jan 08, 2018 15:14
Location: Paris
GitHub: pyrollo
In-game: Naj

Re: Securing formspec code (code examples)

by Pyrollo » Mon Dec 10, 2018 16:13

GreenDimond wrote:
Pyrollo wrote:You just have to call show_formspec again with an empty string IIRC.

Or use the function meant for it minetest.close_formspec(playername, formname)

I'm feeling old already :D
[ Display Modpack ] - [ Digiterms ] - [ Crater MG ] - [ LATE ]
 

User avatar
runs
Member
 
Posts: 800
Joined: Sat Oct 27, 2018 08:32
GitHub: runsy
 

Previous

Return to Modding Discussion



Who is online

Users browsing this forum: No registered users and 1 guest