Risks of non-default CSM settings in 5.0+

rheo
Member
Posts: 49
Joined: Fri May 03, 2019 20:40
GitHub: fluxionary
IRC: flux fluxflux
In-game: flux rheo

by rheo » Post

Hello,

I'm wondering what the risks are of enabling non-default CSM settings in 5.0. It seems clear to me that LOOKUP_NODES_LIMIT prevents cheaty mods like oredetect from working, but I don't understand why the other functions are disabled by default. In particular, I have a CSM that requires CHAT_MESSAGES in 5.0, and want to understand what the risks of enabling those calls are, before possibly asking server operators to enable that setting.
Last edited by rheo on Sun May 05, 2019 03:47, edited 1 time in total.

Desour
Member
Posts: 1469
Joined: Thu Jun 19, 2014 19:49
GitHub: Desour
IRC: Desour
In-game: DS
Location: I'm scared that if this is too exact, I will be unable to use my keyboard.

Re: Risks of non-default CSM settings in 5.0+

by Desour » Post

  • The only flag that is off by default seems to be LOAD_CLIENT_MODS, which means that you can't use any csm if the server owner doesn't make an effort to allow it.
  • CHAT_MESSAGES allows the client to send chat messages. This includes strings with color escape sequences and strings that are interpreted as chat commands (e.g. "/status"). This can be used to spam the chat with many messages; however, you can also spam manually. Some server owners said that they don't like it if their players can send chat messages that appear in color.
  • READ_ITEMDEFS and READ_NODEDEFS allow getting the item/node definition of an item/node. This includes description, texture names, sound names, placement param2, node prediction, paramtype1, paramtype2, light level sent by a node, drawtype, groups and on and on. If the server doesn't have anything secret in a node or item def, this doesn't hurt, I think (no guarantees).
  • LOOKUP_NODES_LIMIT can indeed make cheating easier, but you already know that. However, this might also be interesting for csms that want to play environmental sounds.
  • READ_PLAYERINFO allows getting all player names. This is probably only a problem if the players have secrets about their position and existing among them.
All these restriction flags can of course only prevent the most dangerous features of csm for unmodified clients. This makes cheating and annoying the server owner less easy but doesn't do anything against modifying the client, to e.g. fly with noclip through the air or just disabling the code that does the restriction flags. But this would need the cheater to modify C++ code and recompile, which minetest was never safe from.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)
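
The restriction flags listed in the post above are bits of the server setting csm_restriction_flags. As an added example (not part of the thread and not Minetest's own code), this Python sketch decodes the value in a minetest.conf, lists which restrictions a server has lifted relative to the default, and computes the value needed to lift a single restriction such as CHAT_MESSAGES. The bit values and the default of 62 are assumed from Minetest 5.0's settingtypes.txt; the function names and the sample config are constructed.

```python
# Added example: audit the csm_restriction_flags setting of a Minetest server.
# Assumption: bit values and the default (62) are those of Minetest 5.0's
# settingtypes.txt; verify them against the version you run.
# A set bit means the restriction is enforced on unmodified clients.
RESTRICTIONS = {
    "LOAD_CLIENT_MODS": 0x01,
    "CHAT_MESSAGES": 0x02,
    "READ_ITEMDEFS": 0x04,
    "READ_NODEDEFS": 0x08,
    "LOOKUP_NODES_LIMIT": 0x10,
    "READ_PLAYERINFO": 0x20,
}
KNOWN_MASK = sum(RESTRICTIONS.values())
DEFAULT_FLAGS = 62
SETTING = "csm_restriction_flags"

# Constructed sample config, not taken from a real server.
SAMPLE_CONF = """\
# minetest.conf (constructed)
server_name = Example
csm_restriction_flags = 28
"""


def read_flags(conf_text):
    """Return the configured value, or the default if the key is absent."""
    flags = DEFAULT_FLAGS
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == SETTING:
            flags = int(value.strip())  # ValueError on a malformed value
    return flags


def active_restrictions(flags):
    """Names of the restrictions whose bit is set."""
    return [name for name, bit in RESTRICTIONS.items() if flags & bit]


def lifted_vs_default(flags):
    """Restrictions enforced by default that this value switches off."""
    return [name for name, bit in RESTRICTIONS.items()
            if DEFAULT_FLAGS & bit and not flags & bit]


def unknown_bits(flags):
    """Bits outside the six documented flags (typo or newer version)."""
    return flags & ~KNOWN_MASK


def flags_to_lift(flags, *names):
    """Value that clears only the named restrictions; KeyError if unknown."""
    for name in names:
        flags &= ~RESTRICTIONS[name]
    return flags


def report(conf_text):
    """Human-readable audit lines for one config file."""
    flags = read_flags(conf_text)
    lines = [f"{SETTING} = {flags} (default {DEFAULT_FLAGS})"]
    lines.append("enforced: " + ", ".join(active_restrictions(flags)))
    lifted = lifted_vs_default(flags)
    if lifted:
        lines.append("lifted vs default: " + ", ".join(lifted))
    if unknown_bits(flags):
        lines.append(f"unknown bits set: {unknown_bits(flags):#x}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONF)))
    # Value an operator would set to allow only chat messages from CSMs:
    print("lift CHAT_MESSAGES ->", flags_to_lift(DEFAULT_FLAGS, "CHAT_MESSAGES"))
```
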

paramat
Developer
Posts: 3700
Joined: Sun Oct 28, 2012 00:05
GitHub: paramat
IRC: paramat
Location: UK

Re: Risks of non-default CSM settings in 5.0+

by paramat » Post

Yes that's a good and correct summary by DS-minetest.

rheo
Member
Posts: 49
Joined: Fri May 03, 2019 20:40
GitHub: fluxionary
IRC: flux fluxflux
In-game: flux rheo

Re: Risks of non-default CSM settings in 5.0+

by rheo » Post

Ah yes, that chat coloring CSM. I'd think it'd be quite easy to restrict that server-side, but I suppose most server owners don't want to have to write/install another mod.

READ_PLAYERINFO could have quite an impact on servers with mods that don't show player names until they're very close to you, like Persistent Kingdoms. You could use it to monitor who's near you.

READ_ITEMDEFS could be used to make a CSM that warns you if your tool is near breaking. You already kind of can, by getting the damage of the held item, but there's no way to know exactly how many uses it has left without the item def, so far as i can tell.

rheo
Member
Posts: 49
Joined: Fri May 03, 2019 20:40
GitHub: fluxionary
IRC: flux fluxflux
In-game: flux rheo

Re: Risks of non-default CSM settings in 5.0+

by rheo » Post

This thread on github is informative:

https://github.com/minetest/minetest/issues/6662

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

Aren’t all these settings useless because the client can just ignore them?
The server can’t know if an action is done by CSM or by the player.
That’s not the way how anticheat should work.

rheo
Member
Posts: 49
Joined: Fri May 03, 2019 20:40
GitHub: fluxionary
IRC: flux fluxflux
In-game: flux rheo

Re: Risks of non-default CSM settings in 5.0+

by rheo » Post

Lejo wrote: Aren’t all these settings useless because the client can just ignore them?
The server can’t know if an action is done by CSM or by the player.
That’s not the way how anticheat should work.
As I understand it, from reading people argue about this point endlessly, is that these settings are *not* useless primarily in that they raise the bar a bit higher for cheating. Not every player is a developer or able to build their own hacked client. These settings won't eliminate cheating, but they (supposedly) prevent it from becoming more widespread.

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

rheo wrote: As I understand it, from reading people argue about this point endlessly, is that these settings are *not* useless primarily in that they raise the bar a bit higher for cheating. Not every player is a developer or able to build their own hacked client. These settings won't eliminate cheating, but they (supposedly) prevent it from becoming more widespread.
You can always easily make your code more complex to prevent cheaters.
But the goal of these settings wasn’t to make cheaters more work. Then you could just add a setting CSM yes or no and not so complex settings, as they are easy to ignore by clients.

paramat
Developer
Posts: 3700
Joined: Sun Oct 28, 2012 00:05
GitHub: paramat
IRC: paramat
Location: UK

Re: Risks of non-default CSM settings in 5.0+

by paramat » Post

Very few players know how to create a hacked client, and few players use a hacked client.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

paramat wrote:Very few players know how to create a hacked client, and few players use a hacked client.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.
I agree with that.
But the work would be much more useful invested in creating Serverside Anticheats.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote:
paramat wrote:Very few players know how to create a hacked client, and few players use a hacked client.
Obviously anticheat is only completely effective serverside, but these 'CSM restrictions' are effective for non-hacked clients, so are useful.
I agree with that.
But the work would be much more useful invested in creating Serverside Anticheats.
Yes, creating server-side anticheat is the best way to fix the problem, but at the moment something is required to (at least) prevent players from cheating at client-side. This is what CSM settings are for. Also, please take into account that anticheat mods can be a potential lag source especially when many servers already have enough mods to cause some lag. The easiest lag-free way would be having moderators from many different places to make sure that they aren't cheating.

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

yw05 wrote: Yes, creating server-side anticheat is the best way to fix the problem, but at the moment something is required to (at least) prevent players from cheating at client-side. This is what CSM settings are for. Also, please take into account that anticheat mods can be a potential lag source especially when many servers already have enough mods to cause some lag. The easiest lag-free way would be having moderators from many different places to make sure that they aren't cheating.
You can also block almost all these csm cheats using server-side anticheat.
E.g.: Open chest somewhere: Check range when modifying the inventory.
E.g.: oredetect: bad that the way to search for nodes has ever been added. But you can also block this if you send the ore only when the player is very near.
About moderators: Humans are much less accurate at detecting if someone is cheating, and engine anticheats don’t cause lag very much.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote: You can also block almost all these csm cheats using server-side anticheat.
E.g.: Open chest somewhere: Check range when modifying the inventory.
E.g.: oredetect: bad that the way to search for nodes has ever been added. But you can also block this if you send the ore only when the player is very near.
About moderators: Humans are much less accurate at detecting if someone is cheating, and engine anticheats don’t cause lag very much.
The problems are also obvious.
Bad Internet connection: Once the chest formspec showed up after I have already teleported (using server teleport commands like /spawn instead of /teleport because I have no teleport priv) to somewhere 5000 blocks away - in your case I would have to take a train for 5mins simply to get my items again.
And for sending nodes: those with a higher view range can have larger areas seen, and that wouldn't fix the problem.
Moderators: Yes, humans are less accurate, but here's the thing: you can't expect anyone to walk along the street and walk into someone else's private place simply to open the chest and take items, and you wouldn't expect that guy to only walk into houses with unprotected chests - that's obviously stealing. And for oredetect, you won't expect someone to keep changing the digging route and always finding ores.
Lag: some admins do disable anticheat because of lag, esp. on servers with lower configuration and/or more mods.

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

yw05 wrote:The problems are also obvious.
Bad Internet connection: Once the chest formspec showed up after I have already teleported (using server teleport commands like /spawn instead of /teleport because I have no teleport priv) to somewhere 5000 blocks away - in your case I would have to take a train for 5mins simply to get my items again.
You don’t understand how can-inventory-cheats work:
With CSM you can open an inventory (a chest) anywhere as long as you have the metadata of it. Using a simple anticheat you check if the player is near the chest. I think this anticheat has already been added to mt5.0
And for sending nodes: those with a higher view range can have larger areas seen, and that wouldn't fix the problem.
I agree that’s not easy to fix.
I don’t have any better idea for an anticheat for this right now.
Moderators: Yes, humans are less accurate, but here's the thing: you can't expect anyone to walk along the street and walk into someone else's private place simply to open the chest and take items, and you wouldn't expect that guy to only walk into houses with unprotected chests - that's obviously stealing. And for oredetect, you won't expect someone to keep changing the digging route and always finding ores.
Moderators are a good addition to the default anticheat. But moderators can’t be anywhere. They go where players fight, ... and not to someone alone in the mine.
Lag: some admins do disable anticheat because of lag, esp. on servers with lower configuration and/or more mods.
They are just mad!!!
You don’t want to know what’s possible when it’s disabled: You can do everything just like in creative except items cheating + infinity fast + teleportation. Btw. Item cheats are also possible if you have the wrong creative mods.

Desour
Member
Posts: 1469
Joined: Thu Jun 19, 2014 19:49
GitHub: Desour
IRC: Desour
In-game: DS
Location: I'm scared that if this is too exact, I will be unable to use my keyboard.

Re: Risks of non-default CSM settings in 5.0+

by Desour » Post

Lejo wrote:
Lag: some admins do disable anticheat because of lag, esp. on servers with lower configuration and/or more mods.
They are just mad!!!
You don’t want to know what’s possible when it’s disabled: You can do everything just like in creative except items cheating + infinity fast + teleportation. Btw. Item cheats are also possible if you have the wrong creative mods.
It's very reasonable to enable disable_anticheat and to not add any other anticheating mods.
Anticheat often makes playing experience much worse. And for what? Just because it is possible to cheat doesn't mean that everyone does. Humans are able to socialize. Do you not trust your players? Well, then maybe you have bad players. This might be caused by the missing wattles that need to be overwhelmed to join the server. For example any unsocial small child can be given a phone nowadays and this child can simply use the public server list to join a server and doesn't even have to ask for interact.
The server controls item movement, ergo the player can't take anything out of an inventory that he shouldn't be able to really access (with that I mean the right to take and put something). It's the responsibility of server owners not to install bad mods and to check installed mods (or have them checked by someone with enough experience). Having enormous anticheat measures to compensate for bad modding is nonsense.
I could write much to the other statements, but I don't want to repeat what's already said and ergo waste my time. Most of the fears are irrational.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

DS-minetest wrote: It's very reasonable to enable disable_anticheat and to not add any other anticheating mods.
Anticheat often makes playing experience much worse. And for what? Just because it is possible to cheat doesn't mean that everyone does. Humans are able to socialize. Do you not trust your players? Well, then maybe you have bad players. This might be caused by the missing wattles that need to be overwhelmed to join the server. For example any unsocial small child can be given a phone nowadays and this child can simply use the public server list to join a server and doesn't even have to ask for interact.
The server controls item movement, ergo the player can't take anything out of an inventory that he shouldn't be able to really access (with that I mean the right to take and put something). It's the responsibility of server owners not to install bad mods and to check installed mods (or have them checked by someone with enough experience). Having enormous anticheat measures to compensate for bad modding is nonsense.
I could write much to the other statements, but I don't want to repeat what's already said and ergo waste my time. Most of the fears are irrational.
I mainly agree. Just a few things I disagree with:
No anticheating mods:
It’s true that they sometimes lower the game quality, but I for example have two: One noclip; it has 0 false detections. And one fly; it’s mostly working, only in some special cases (jumping diagonal with speed and jump potion down a hill) it’s wrong. But I keep it because it’s better to have it than not to have it, and yes, there are sadly fly hackers.

No direct interact:
Then you have a private server just because a player joins you are not online so he leaves again. Sadly I have no better way to check them.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote: You don’t understand how can-inventory-cheats work:
With CSM you can open an inventory (a chest) anywhere as long as you have the metadata of it. Using a simple anticheat you check if the player is near the chest. I think this anticheat has already been added to mt5.0
Ok, so suppose that the server I play on has that anticheat and I'm having some lag (and we know that servers don't distinguish between clients and CSM), then the chest formspec showed up after I teleported 5000 blocks away from the chest (that did happen once) - do I have access to it, according to you?
Lejo wrote:You don’t want to know what’s possible when it’s disabled: You can do everything just like in creative except items cheating + infinity fast + teleportation. Btw. Item cheats are also possible if you have the wrong creative mods.
I know what can happen without anticheat, but there's something called "awareness" - people are aware that they aren't supposed to go around. On the server I'm playing on we have moderators almost 7/24 and they (quite often) teleport to other players to make sure that they don't cheat. Those who have been cheating are banned. And for fighting... at least the server I play on has no PvP.
Lejo wrote: One noclip; it has 0 false detections. And one fly; it’s mostly working, only in some special cases (jumping diagonal with speed and jump potion down a hill) it’s wrong. But I keep it because it’s better to have it than not to have it, and yes, there are sadly fly hackers.
Here's the case on the server I'm playing on:
1. Moderators often teleport to players to make sure they aren't doing things against the server rules.
2. Only two people have noclip priv - if moderators teleport to a normal player and end up in solid mass... you know what happens.
3. Only a few moderators and trusted players have fly priv - if they teleport to a new player and find him hanging in midair... again, you know what happens.
Last edited by yw05 on Thu Jun 13, 2019 11:31, edited 4 times in total.

Desour
Member
Posts: 1469
Joined: Thu Jun 19, 2014 19:49
GitHub: Desour
IRC: Desour
In-game: DS
Location: I'm scared that if this is too exact, I will be unable to use my keyboard.

Re: Risks of non-default CSM settings in 5.0+

by Desour » Post

Lejo wrote:No direct interact:
Then you have a private server just because a player joins you are not online so he leaves again. Sadly I have no better way to check them.
In the past, the only way to find servers was to search in the forum. Many needed you to ask in the forum to have interact. It actually worked very well. Nearly everyone who played there was a good player. And those servers were not private, with this I mean, there was not really a limited access, as everyone could ask for interact.
Sadly nowadays there are more servers than active players.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)

Desour
Member
Posts: 1469
Joined: Thu Jun 19, 2014 19:49
GitHub: Desour
IRC: Desour
In-game: DS
Location: I'm scared that if this is too exact, I will be unable to use my keyboard.

Re: Risks of non-default CSM settings in 5.0+

by Desour » Post

yw05 wrote:
Lejo wrote: You don’t understand how can-inventory-cheats work:
With CSM you can open an inventory (a chest) anywhere as long as you have the metadata of it. Using a simple anticheat you check if the player is near the chest. I think this anticheat has already been added to mt5.0
then the chest formspec showed up after I teleported 5000 blocks away from the chest (that did happen once) - do I have access to it, according to you?
The client needs the inventory to be loaded in order to interact with it. If you load a meta inventory, move very far away and open the inventory, the inventory won't update properly in your sight as the server doesn't send the inventory. In 5.1 dev there's a new api function to send mapblocks to clients.
There are mods that want the player to interact with far away inventories.
he/him; Codeberg; GitHub; ContentDB; public personal TODO list; "DS" is preferred (but often too short)

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

yw05 wrote: I know what can happen without anticheat, but there's something called "awareness" - people are aware that they aren't supposed to go around. On the server I'm playing on we have moderators almost 7/24 and they (quite often) teleport to other players to make sure that they don't cheat. Those who have been cheating are banned. And for fighting... at least the server I play on has no PvP.

Here's the case on the server I'm playing on:
1. Moderators often teleport to players to make sure they aren't doing things against the server rules.
2. Only two people have noclip priv - if moderators teleport to a normal player and end up in solid mass... you know what happens.
3. Only a few moderators and trusted players have fly priv - if they teleport to a new player and find him hanging in midair... again, you know what happens.
Great if there are such servers, but most servers aren’t, and it’s not easy to have trusted moderators 24/7.
So for most server owners this is no solution.
DS-minetest wrote:In the past, the only way to find servers was to search in the forum. Many needed you to ask in the forum to have interact. It actually worked very well. Nearly everyone who played there was a good player. And those servers were not private, with this I mean, there was not really a limited access, as everyone could ask for interact.
Sadly nowadays there are more servers than active players.
The Problem we all play with.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote:
yw05 wrote: I know what can happen without anticheat, but there's something called "awareness" - people are aware that they aren't supposed to go around. On the server I'm playing on we have moderators almost 7/24 and they (quite often) teleport to other players to make sure that they don't cheat. Those who have been cheating are banned. And for fighting... at least the server I play on has no PvP.

Here's the case on the server I'm playing on:
1. Moderators often teleport to players to make sure they aren't doing things against the server rules.
2. Only two people have noclip priv - if moderators teleport to a normal player and end up in solid mass... you know what happens.
3. Only a few moderators and trusted players have fly priv - if they teleport to a new player and find him hanging in midair... again, you know what happens.
Great if there are such servers, but most servers aren’t, and it’s not easy to have trusted moderators 24/7.
So for most server owners this is no solution.
Yes, this is what I found on the server Wiki:
Moderators are distributed around the world so there is at least one moderator on most of the time.
What you mentioned is the problem: new servers don't have many trusted players, and moderators around the world is basically out of the question. Still, most moderators appear to be in Europe and the US, so there is some time (about 1hr or so) when the server has almost no players online.
Also, I would say that trusted players can also help - when they accidentally see weird things happening.
Lejo wrote:
DS-minetest wrote:In the past, the only way to find servers was to search in the forum. Many needed you to ask in the forum to have interact. It actually worked very well. Nearly everyone who played there was a good player. And those servers were not private, with this I mean, there was not really a limited access, as everyone could ask for interact.
Sadly nowadays there are more servers than active players.
The Problem we all play with.
Yes, we need more servers that are well moderated and not those that are almost empty. New servers appear everyday, but only a few can last: IhrFussel's, LinuxWorks, Survival X, Pandorabox, Xanadu, CTF, VanessaE's - you can count them.

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

yw05 wrote: Yes, this is what I found on the server Wiki:
Moderators are distributed around the world so there is at least one moderator on most of the time.
What you mentioned is the problem: new servers don't have many trusted players, and moderators around the world is basically out of the question. Still, most moderators appear to be in Europe and the US, so there is some time (about 1hr or so) when the server has almost no players online.
Also, I would say that trusted players can also help - when they accidentally see weird things happening.
On which server do you play? I (was) on one modded server but there the moderators were corrupt...
Yes, we need more servers that are well moderated and not those that are almost empty. New servers appear everyday, but only a few can last: IhrFussel's, LinuxWorks, Survival X, Pandorabox, Xanadu, CTF, VanessaE's - you can count them.
Another problem is these fork mobile players. Multicraft and other apps + the missing iOS Minetest App.

yw05
Member
Posts: 366
Joined: Tue May 07, 2019 12:59
GitHub: y5nw
IRC: y5nw
In-game: ywang
Location: Germany

Re: Risks of non-default CSM settings in 5.0+

by yw05 » Post

Lejo wrote:
yw05 wrote:Yes, we need more servers that are well moderated and not those that are almost empty. New servers appear everyday, but only a few can last: IhrFussel's, LinuxWorks, Survival X, Pandorabox, Xanadu, CTF, VanessaE's - you can count them.
Another problem is these fork mobile players. Multicraft and other apps + the missing iOS Minetest App.
Yes, that's also a problem, but that's less related to CSM - you can also write CSM on Android using a text editor and use CSMs by editing clientmods/mods.conf but that isn't very convenient.
Btw, the main problem with the mobile forks is about hacked clients. Some server admins complain that mobile users simply cheat with fly simply by pressing a button (on the hacked client, of course).
Personally I also play with my mobile, but I don't cheat (I use the official client). The result is that I get trusted - I have interlocked 5 train lines (one of them was removed later due to planning) with my friends, and only a few players have interlocking priv.

paramat
Developer
Posts: 3700
Joined: Sun Oct 28, 2012 00:05
GitHub: paramat
IRC: paramat
Location: UK

Re: Risks of non-default CSM settings in 5.0+

by paramat » Post

Lejo wrote:But the work would be much more useful invested in creating Serverside Anticheats.
It's not an equal amount of work, and it's not a case of one or the other.

Creating effective serverside anticheat is very complex and difficult, and adds a significant load on the server, see the 'serverside movement' PR at Github. It may be a long time before serverside anticheat is implemented.
However, the CSM restrictions were simple and quick to add, add no load on the server, and are effective for the large majority of players without hacked clients. So the work was a very good investment while we also, slowly, work on serverside anticheat.

Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Risks of non-default CSM settings in 5.0+

by Lejo » Post

It’s just a bit strange:
You have CSM, great things are possible, and then the server can completely disable CSM.
Why? The server doesn’t care about most things done by CSM. The settings are much too strict, especially by default. Why is the server allowed to disable CSM loading? That’s nothing the server should control. I fully agree with block lookup limits, they are needed. But others are overblocking just because there were some leaks to for example cheat items, but as they are all fixed we don’t need a full CSM block.
