• Print

Author Topic: Superadmin access  (Read 20 times)

0 Members and 1 Guest are viewing this topic.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Superadmin access
« on: April 24, 2013, 02:51:07 pm »
Ok, once or twice a year (average) ULX gets accused of being hacked.
Guestimate, once out of every 5 years, it's something we can actually prevent.

I make this suggestion.
We stop storing superadmin users separately of Gmod.
That is, if anyone wants to grant someone superadmin access, they must shut the server down, modify Garry's standard /settings/users.txt file, then restart server.
ULX will only load superadmin access users 'from' the Gmod file.
That's not to say we still won't store registered superadmin group flags in groups.txt, that just means superadmin members group access won't be stored in data/ulib/users.txt , the only thing that should get loaded from users.txt is any specific flags given to the user, after ULX determines they are already superadmin group.

Now, that won't fix us getting blamed.
That won't fix idiot users of <some other gamemode> that requires an 'owner' group that inherits superadmin from creating the owner group and storing it in /data/ulib/groups.txt and then making users owner.
That won't fix server owners from giving ban/unban/<any other user management access flag> to admins.

This will simply prevent the few script kiddies who exploit ULX from taking advantage of the default superadmin permissions, which, default setups are usually the ones most taken advantage of.

I don't think it would add any more challenge to us assisting users.
Heck, no one seems to be able to read how to use 'ulx adduser' anyway.
« Last Edit: April 24, 2013, 02:59:08 pm by JamminR »
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline MrPresident

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 2727
  • Karma: 430
    • |G4P| Gman4President
Re: Superadmin access
« Reply #1 on: April 24, 2013, 04:02:29 pm »
While this may prevent one or two exploits over the course of the next x units of time, I think it'll be more of a pain to users who aren't retarded and actually know how to use the mod.

While this decision is ultimately up to you guys, I would cast my vote against this idea, personally.

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Superadmin access
« Reply #2 on: April 24, 2013, 06:53:42 pm »
I also think this would be more of a support pain than keeping it the way it is now. It's unfortunate that ULX makes it easier for hackers to administrate the server... but isn't that really just saying that we do our job well, in the end? We want to trust RCON as the ultimate authority...
Experiencing God's grace one day at a time.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Superadmin access
« Reply #3 on: April 24, 2013, 07:27:16 pm »
more of a pain to users who aren't retarded and actually know how to use the mod.

That's just it.
That sums it up to both of your input.
90% of our users are 'retards', as MrP puts it so eloquently.
As a 10%-er, how often do you add superadmins to your server?
You don't often.

Time and time again do we not only see exploiters add themselves using our commands, but also miscreant 'co-owners' foul things up.
(No, this wouldn't prevent the removal, but, sure as heck wouldn't allow a co-owner to go crazy and just start adding people)

I believe the security of not being able to add additional players to 'root' access without direct server shutdown and file access is just improved.
It would sure make the 'dumb' server owner have to really think about just adding people randomly too.
(Oh, you gave me $1 on paypal and a Steam item...here, have superadmin)

Sure, exploiters probably have direct rcon access already.
If they don't, and they have access to adduser or superadmin, then ulx rcon is wide open.
Let's not make it easy for them to add users to superadmin.

Ok, my light bulb is now dim.
Returning you to your normally scheduled programming.
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Superadmin access
« Reply #4 on: April 25, 2013, 01:35:25 pm »
Actually, I do think it would be useful to have a "hardened" version of ULX available. It wouldn't be too many modifications (maintaining both versions would not be a pain). Going this route, I'd just disable the ability to add users from console at all and ONLY rely on pulling from garry's file, but still allow "ulx userallow" to grant privileges to non-guest users (that is, they've been added to the gmod users config). Any other useful things you can think of for a "hardened" version?
Experiencing God's grace one day at a time.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Superadmin access
« Reply #5 on: April 25, 2013, 04:24:15 pm »
Why maintain two versions?
Incorporate some type of server side mechanism.."read only" if possible. (file/variable/can variables be made server side only and not adjustable by the console if an exploiter had rcon access??). When hardened = true then <all other stuff decided on won't work>. Megiddo, you're awesome idea for adding ULibcommandcalled hook long ago should make that reasonably easy to stop stuff if hardened mode is on.

Are ulx commands still being sent with a 'session key'?
I remember that discussion back when an admin would be lagged off, and some way, another would take his session on the server, and server would see that new/exploited session as the admin. If not, it's an idea.

What about monitoring for group changes (while server is live) while in hardened mode?
I presume exploiters would have luarun access..set group...can we use UCLChanged to detect/set them back to 'user' or whatever access they were originally?

(Oh, and MrP, I meant to respond to you earlier..the comment about 'ultimately up to you guys'...as far as I'm concerned, you are us 'guys')
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Superadmin access
« Reply #6 on: April 25, 2013, 07:27:16 pm »
If you can't trust the console, you can't trust the Lua engine. It would have to be two versions. In the hardened idea proposed above, the worst the hackers could do is make themselves an admin until map change. And again, it's really simple to do that these days. Git manages all that for us. :)

I can't remember if we're still doing session keys, or if we did that at all... been too long! :P
Experiencing God's grace one day at a time.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Superadmin access
« Reply #7 on: April 25, 2013, 07:39:30 pm »
Re: Admin til map chance.
Well, yeah, sure, but, how cool would our hardened version be to slap back into place anyone that tried to change their group level access. :P

Re: Session.
No idea. You actually stated you added it way back when. Just didn't know if it was still being used.
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Superadmin access
« Reply #8 on: April 26, 2013, 05:59:57 am »
If I did in fact add it, it's probably still there. It's been a looooong time since I've looked at that section of code.
Experiencing God's grace one day at a time.

  • Print