Package: freeciv-server
Version: 2.0.8-3
Severity: important

After the upgrade from sarge to newly stable etch I became aware of this:

The civserver does not recognise the option -a (--auth) and thus the option -N (--Newusers) any more. It prints an error message and a list of options where indeed the -a and -N option are not listed any more and then exits. I found no hint whether they were removed deliberately or replaced by new means of authorization for players.

Trying to run a new game:

[EMAIL PROTECTED]:~/game_002_2007_03_15$ civserver --auth --Newusers --port 5555 --exit-on-end --read gamesetup_20070315.txt --gamelog gamelog_20070315.log
Error: unknown option '--auth'
....
[EMAIL PROTECTED]:~/game_002_2007_03_15$

Trying to load and run a saved game:

[EMAIL PROTECTED]:~/game_002_2007_03_15$ civserver --auth --Newusers --port 5555 --exit-on-end --file gamesave20070315-+2033m.sav.gz --gamelog gamelog_20070315.log
Error: unknown option '--auth'
....
[EMAIL PROTECTED]:~/game_002_2007_03_15$

Impact:

Leaving out the -a option, the game will run with no problems. But any user will be able to log in as any other user without a password required. This enables complete strangers to join and disturb a running game. Especially with servers (like mine) where users play over a time of several weeks and thus log in and log out repeatedly. It gives me a hell of a time to determine whether unauthorized people gained access.

Possible scenario:

A game is running and all players are connected. A stranger stumbling on the server decides to join and make trouble. Once joined as guest he will see the hosts of all players. Now he could try to terminate one or all user connections by DDOS against the server or a single player, because he knows he can join thereafter as this specific user without any means of authorization required.

Suggestion/Request:

Please include the -a and -N options as they existed in debian sarge freeciv-server 2.0.1-1sarge2 in order to enable privacy and security again.

With kind regards
josai

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.2-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages freeciv-server depends on:
ii  freeciv-data    2.0.8-3        Civilization turn based strategy g
ii  libc6           2.3.6.ds1-13   GNU C Library: Shared libraries
ii  libreadline5    5.2-2          GNU readline and history libraries
ii  zlib1g          1:1.2.3-13     compression library - runtime

freeciv-server recommends no packages.

-- no debconf information

