Opened 7 years ago

Last modified 5 years ago

#4463 new defect

Gamesetup - Prevent the server from breaking client approval

Reported by: elexis
Owned by:
Priority: Nice to Have
Milestone: Backlog
Component: UI – Game setup
Keywords:
Cc:
Patch:

Description (last modified by elexis)

Issues:

(1) The server can secretly change gamesettings arbitrarily (for example enable cheats) when starting the game.

(2) The server can determine the seed in advance, for example to find a random map that favors himself.

(3) The server can start the game without the clients being ready (F9 -> launchGame()).

(4) The server can pretend that clients are ready.

Likely more (f.e. w.r.t. player assignments).

Only the first issue seems remotely worthwhile to fix. The last two issues seem only relevant to rated games (as players that are afk or instantly resigned aren't a joy to play against). In case wildfiregames hosts all rated games, this isn't an issue anymore.

(1) Arbitrary Gamesettings:

Related code: After the clients have clicked ready, the host can start the game. launchGame() of gamesetup.js is called, determines unique matchID, map/simulation and AI seeds. The randomly chosen civs and map are determined and the playernames are copied to the gameattributes object.

How it could be fixed: Broadcasting the final attributes should be avoided. Instead, clients should ideally derive the final attributes from the approved ones. The playernames are known from the player assignments. The randomized settings can be derived from the shared seed. Selecting a random map that all clients have requires #4462.

(2) Seed:

The seed has to be the same for all clients, otherwise they will end up with an entirely different map and match altogether, so we can't for example use the current unix timestamp.

In order to make it impossible for the server to change the seed in his favor (for example switching through various map iterations until finding one where the player is at an advantage or receives the desired civ), each client could determine its own seed. Given the other clients' seeds, a malicious client could still brute force a seed that would favor him. This window of opportunity could be reduced by letting the clients post their final gameseeds just before starting the game.
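A commit-reveal exchange goes one step beyond posting the seeds just before the start, as suggested under (2): each client first publishes only a hash of its seed contribution and reveals the value once all commitments are in, so nobody can pick a contribution after seeing the others. This is an added sketch, not part of the ticket and not 0 A.D. code; the function names, the SHA-256 commitment and the 32-bit seed width are assumptions.

```javascript
const { createHash, randomBytes } = require("node:crypto");

// Hash a list of strings; JSON encoding keeps field boundaries unambiguous.
function digest(fields) {
  return createHash("sha256").update(JSON.stringify(fields)).digest("hex");
}

// Phase 1: a client picks a secret contribution and publishes only its commitment.
// (hypothetical helper, not an engine function)
function makeContribution(playerName) {
  const secret = randomBytes(32).toString("hex");
  return { playerName, secret, commitment: digest([playerName, secret]) };
}

// Phase 2: once every commitment is known, the secrets are revealed. Each client
// runs this locally, so all honest clients compute the same seed or all reject.
function deriveSeed(commitments, reveals) {
  const names = Object.keys(commitments).sort();
  const secrets = names.map((name) => {
    if (typeof reveals[name] !== "string")
      throw new Error(`missing reveal from ${name}`);
    if (digest([name, reveals[name]]) !== commitments[name])
      throw new Error(`reveal from ${name} does not match its commitment`);
    return reveals[name];
  });
  // Assumed 32-bit seed, taken from the hash of all contributions in a fixed order.
  return parseInt(digest(secrets).slice(0, 8), 16);
}

// Constructed sample round with three players (names are made up).
function sampleRound() {
  const players = ["alice", "bob", "carol"].map(makeContribution);
  const commitments = {}, reveals = {};
  for (const p of players) {
    commitments[p.playerName] = p.commitment;
    reveals[p.playerName] = p.secret;
  }
  return { commitments, reveals };
}
```

A client can still withhold its reveal after seeing the others, so a missing reveal should fail the game start rather than trigger a retry with fresh values.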

Change History (2)

comment:1 by elexis, 6 years ago

In 21854:

Prevent hosts that didn't modify C++ code from starting the game without all assigned online players being ready (launchGame(); cheat), refs #4463.

This works in autostartmode because that sets every client to an observer and still relies on enabled cheats to have players assign themselves.

comment:2 by elexis, 5 years ago

Component: UI & Simulation → Game setup
Description: modified (diff)
Priority: If Time Permits → Nice to Have
Summary: Prevent the server from breaking client approval → Gamesetup - Prevent the server from breaking client approval

Ingame serverside command injection described in #3923.
