'system god' et. al. problems

[MrApathyCream]

A hacked client has been developed that causes other people's bzflag clients to crash. One name the player went by was 'system god'. Although I think others were used.

I got a stack trace of the problem, and conjectured what the cause was.

I put in a fix, and the fix works.

It's possible that i found another problem, unrelated to system god, but if it is the same vulnerability, then the problem is solved.

So, if you build, pull down the latest, and use that.
If you are windows, you can get an installer at

http://www.chesco.com/~dbrosius/BZFlag/ ... zfinst.exe

If this still doesn't work, lemme know.

[Dervish]

Apathy,

Your response time is absolutely aweomse! :thumb:

Thank you so much for jumping right on top of this security hole. Wow, even those who work on top-secret encryption projects would be proud of your response time! hehehe

This happened to me, and I chalked it up to client crash. Then it happened twice right after restarting and entering the same server. I knew something wasn't right. So, I logged in once more, got in to turkey.moongroup, and after saying good bye, client crashed again! Now I knew someone was up to no good.

I will get the latest CVS from sourceforge and build. Thanks!

[Fiberchunks]

Good deal -- grabbing the source right now.

Nice work MAC

Peace

[Dutchrai]

Haven't experienced it yet, but does anyone know if this affects *nix users too?

[MrApathyCream]

Erg,

I did indeed fix the problem, but tested on a non-richochet server. The fix is not right for richochet servers. Chestal has since fixed the fix, and so if you pulled the cvs code (or downloaded the win installer) before 9:00PM EST, please get a new one.

BTW, as far as unix is concerned, I would expect that it should impact anyone, however BZFlag who i believe runs debian, didn't have the problem occur to him. So i'm not sure about that.

[Fiberchunks]

That's funny that you mention ricochet, as I was playing on turkey last night, and was wondering: "when did kp make this a non-richochet server?"

I'll get the new client tonite...it was pretty neat though - no shots passed through teleporters!

Peace

[Dervish]

Fiber, that is quite strange. Oh well, thanks everyone for the work. We have a great group of guys here in our community. Just as I do, I'm sure community members really appreciate the help developers and admins offer.

[michaelh20]

Were the changes significant enough that you couldn't just post some details on what you changed for the client? (i.e. don't bother if it's pages of changes) I've got my own code changed a bit and I hate to have to keep re-changing new code to what I like...

Did you have to change both client and server?

[Chestal]

Were the changes significant enough that you couldn't just post some details on what you changed for the client?

Use the CVS browsing feature on sourceforge. This lets you see differences between 2 versions for each file. If you like to run your own client with modifications (which ones btw., maybe they're of interest for everyone?) I'd recommend to use CVS to keep your local copy up to date anyway. It should usually merge CVS chanegs with your changes without a problem.

[swine]

FYI guys
It does crash the *nix clients. I'm running mandrake 9 and I kept getting crashed on my own server. To say I was annoyed would be an understatement along the lines of saying King Kong was just a cheeky chimp.

And the response time to this threat was amazing! There ARE bzgods andI find that they are good!

and the people rejoiced, blowing each other up with glee, and they fed upon the land, and breakfast cereal, and oakchairs and goats (but the swine they set free of course)...