From 6ba6b97796d703ba53b6b8636972154ce780080d Mon Sep 17 00:00:00 2001 From: Rudolf Polzer Date: Sat, 13 Jul 2013 11:39:22 +0200 Subject: [PATCH] categorize anticheat features in safe, controversial, unsafe --- cmd.c | 6 +++--- host_cmd.c | 2 +- netconn.c | 2 +- quakedef.h | 8 +++++++- sys.h | 2 +- sys_linux.c | 2 +- sys_sdl.c | 2 +- sys_shared.c | 23 ++++++++++++----------- vid_glx.c | 4 ++-- vid_sdl.c | 2 +- vid_wgl.c | 2 +- 11 files changed, 31 insertions(+), 24 deletions(-) diff --git a/cmd.c b/cmd.c index 7d71050c..27f2c9a7 100644 --- a/cmd.c +++ b/cmd.c @@ -94,7 +94,7 @@ static void Cmd_Defer_f (void) Mem_Free(cmd); } } else if(Cmd_Argc() == 3 -#ifdef ANTICHEAT +#ifdef ANTICHEAT_CONTROVERSIAL && (cls.state != ca_connected || cls.demoplayback) #endif ) @@ -121,7 +121,7 @@ static void Cmd_Defer_f (void) cmd_deferred_list = defcmd;*/ } else { Con_Printf("usage: defer \n" -#ifdef ANTICHEAT +#ifdef ANTICHEAT_CONTROVERSIAL " (only works while not connected)\n" #endif " defer clear\n"); @@ -386,7 +386,7 @@ void Cbuf_Execute (void) void Cbuf_Frame(void) { -#ifdef ANTICHEAT +#ifdef ANTICHEAT_CONTROVERSIAL if(cls.state != ca_connected || cls.demoplayback) #endif Cbuf_Execute_Deferred(); diff --git a/host_cmd.c b/host_cmd.c index 10972658..0e932af9 100644 --- a/host_cmd.c +++ b/host_cmd.c @@ -3033,7 +3033,7 @@ void Host_InitCommands (void) Cmd_AddCommand ("pingplreport", Host_PingPLReport_f, "command sent by server containing client ping and packet loss values for scoreboard, triggered by pings command from client (not used by QW servers)"); Cmd_AddCommand ("fixtrans", Image_FixTransparentPixels_f, "change alpha-zero pixels in an image file to sensible values, and write out a new TGA (warning: SLOW)"); -#ifdef ANTICHEAT +#ifdef ANTICHEAT_UNSAFE Cmd_AddCommand ("checkmemory", Sys_AntiCheat_CheckMemory_f, "check memory for patterns"); #endif diff --git a/netconn.c b/netconn.c index 50f25522..0c89fa9b 100755 --- a/netconn.c +++ b/netconn.c @@ -2627,7 +2627,7 @@ static const char *RCon_Authenticate(lhnetaddress_t *peeraddress, const char *pa qboolean have_usernames = false; char vabuf[1024]; -#ifdef ANTICHEAT +#ifdef ANTICHEAT_CONTROVERSIAL if(cls.state != ca_dedicated) return NULL; #endif diff --git a/quakedef.h b/quakedef.h index e5680f52..07d405d2 100644 --- a/quakedef.h +++ b/quakedef.h @@ -32,13 +32,19 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #define DP_FUNC_NORETURN #endif +// Security features: +// HARDENING: disable some nasty things evil servers may do via stuffcmd +// ANTICHEAT_SAFE: some safe anti-cheating means +// ANTICHEAT_CONTROVERSIAL: some controversial anti-cheating means +// ANTICHEAT_UNSAFE: some more problematic anti-cheating means + #ifdef HARDENING # define IS_HARDENED false #else # define IS_HARDENED true #endif -#ifdef ANTICHEAT +#ifdef ANTICHEAT_UNSAFE # ifdef __linux__ # define _GNU_SOURCE // for memmem # endif diff --git a/sys.h b/sys.h index acce3acf..6d992cd5 100644 --- a/sys.h +++ b/sys.h @@ -117,7 +117,7 @@ void Sys_MakeProcessMean (void); // call this from main(); if it returns false, exit using return qboolean Sys_AntiCheat_Init(char **envp); -#ifdef ANTICHEAT +#ifdef ANTICHEAT_UNSAFE typedef enum { CHECKMEMORY_N_A, diff --git a/sys_linux.c b/sys_linux.c index 50982ffb..95fd8655 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -76,7 +76,7 @@ void Sys_PrintToTerminal(const char *text) char *Sys_ConsoleInput(void) { -#ifdef ANTICHEAT +#ifdef ANTICHEAT_CONTROVERSIAL if (cls.state == ca_dedicated) #endif { diff --git a/sys_sdl.c b/sys_sdl.c index aadbe83d..62e6adda 100644 --- a/sys_sdl.c +++ b/sys_sdl.c @@ -83,7 +83,7 @@ void Sys_PrintToTerminal(const char *text) char *Sys_ConsoleInput(void) { -#ifdef ANTICHEAT +#ifdef ANTICHEAT_CONTROVERSIAL if (cls.state == ca_dedicated) #endif { diff --git a/sys_shared.c b/sys_shared.c index 8297a87a..0d2f62fb 100644 --- a/sys_shared.c +++ b/sys_shared.c @@ -641,7 +641,7 @@ void Sys_MakeProcessMean (void) } #endif -#ifdef ANTICHEAT +#ifdef ANTICHEAT_UNSAFE # ifndef WIN32 # include # include @@ -649,7 +649,7 @@ void Sys_MakeProcessMean (void) # endif #endif -#ifdef ANTICHEAT +#ifdef ANTICHEAT_UNSAFE // whole function only exists if anticheat is enabled Sys_AntiCheat_CheckMemory_Result_t Sys_AntiCheat_CheckMemory(const char *dllsubstring, qboolean dllsubstringmode, const void *pattern, size_t length) { @@ -730,16 +730,14 @@ void Sys_AntiCheat_CheckMemory_f(void) qboolean Sys_AntiCheat_Init(char **envp) { -#ifdef ANTICHEAT -# define FAIL return false - +#ifdef ANTICHEAT_CONTROVERSIAL // anti LD_PRELOAD // note that we're using envp here, so one doesn't simply hook into getenv() static char *unsecure_envvars = // UNSECURE_ENVVARS from glibc "GCONV_PATH\0" // libraries are loaded from here - //"GETCONF_DIR\0" // harmless, can only fake getconf() output - //"HOSTALIASES\0" // harmless, just messes with DNS + // "GETCONF_DIR\0" // harmless, can only fake getconf() output + // "HOSTALIASES\0" // harmless, just messes with DNS "LD_AUDIT\0" // loads libraries // "LD_DEBUG\0" // harmless, just shows data // "LD_DEBUG_OUTPUT\0" // harmless, just shows data @@ -759,6 +757,7 @@ qboolean Sys_AntiCheat_Init(char **envp) // "RES_OPTIONS\0" // harmless, just messes with DNS // "TMPDIR\0" // harmless, we don't use temp files anyway // "TZDIR\0" // harmless, just enables time travel + // EXTRA_UNSECURE_ENVVARS from glibc "LD_AOUT_LIBRARY_PATH\0" // loads libraries "LD_AOUT_PRELOAD\0" // loads libraries @@ -778,7 +777,7 @@ qboolean Sys_AntiCheat_Init(char **envp) ++q; } if(*p == 0 && *q == '=') - FAIL; // match! + return false; // match! // next! while(*p) ++p; @@ -787,13 +786,15 @@ qboolean Sys_AntiCheat_Init(char **envp) ++envp; } } +#endif +#ifdef ANTICHEAT_UNSAFE # ifndef WIN32 // anti ptrace; also, make a forked process copy to detach from debuggers { pid_t pid = fork(); if(pid < 0) - FAIL; + return false; if(pid == 0) { // nothing to do here @@ -805,14 +806,14 @@ qboolean Sys_AntiCheat_Init(char **envp) if(ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0) { kill(pid, SIGKILL); - FAIL; + return false; } for(;;) { if(waitpid(pid, &status, 0) == (pid_t) -1) { if(errno == ECHILD) // process no longer exists - FAIL; + return false; } if(WIFEXITED(status)) { diff --git a/vid_glx.c b/vid_glx.c index d1d4545f..7ca3ee6c 100644 --- a/vid_glx.c +++ b/vid_glx.c @@ -587,7 +587,7 @@ static void HandleEvents(void) { XNextEvent(vidx11_display, &event); -#ifdef ANTICHEAT +#ifdef ANTICHEAT_SAFE if(event.xany.send_event && event.type != MotionNotify) continue; // note: synthetic MotionNotify already only change @@ -1341,7 +1341,7 @@ static qboolean VID_InitModeGL(viddef_mode_t *mode) drivername = "libGL.so.1"; #endif -#ifndef ANTICHEAT +#ifndef ANTICHEAT_CONTROVERSIAL // COMMANDLINEOPTION: Linux GLX: -gl_driver selects a GL driver library, default is libGL.so.1, useful only for using fxmesa or similar, if you don't know what this is for, you don't need it // COMMANDLINEOPTION: BSD GLX: -gl_driver selects a GL driver library, default is libGL.so.1, useful only for using fxmesa or similar, if you don't know what this is for, you don't need it // LordHavoc: although this works on MacOSX, it's useless there (as there is only one system libGL) diff --git a/vid_sdl.c b/vid_sdl.c index 89db707b..e72f01f7 100644 --- a/vid_sdl.c +++ b/vid_sdl.c @@ -2046,7 +2046,7 @@ static qboolean VID_InitModeGL(viddef_mode_t *mode) // SDL usually knows best drivername = NULL; -#ifndef ANTICHEAT +#ifndef ANTICHEAT_CONTROVERSIAL // COMMANDLINEOPTION: SDL GL: -gl_driver selects a GL driver library, default is whatever SDL recommends, useful only for 3dfxogl.dll/3dfxvgl.dll or fxmesa or similar, if you don't know what this is for, you don't need it i = COM_CheckParm("-gl_driver"); if (i && i < com_argc - 1) diff --git a/vid_wgl.c b/vid_wgl.c index f764bc31..a8ed947a 100644 --- a/vid_wgl.c +++ b/vid_wgl.c @@ -994,7 +994,7 @@ qboolean VID_InitModeGL(viddef_mode_t *mode) gldrivername = "opengl32.dll"; -#ifndef ANTICHEAT +#ifndef ANTICHEAT_CONTROVERSIAL // COMMANDLINEOPTION: Windows WGL: -gl_driver selects a GL driver library, default is opengl32.dll, useful only for 3dfxogl.dll or 3dfxvgl.dll, if you don't know what this is for, you don't need it i = COM_CheckParm("-gl_driver"); if (i && i < com_argc - 1) -- 2.39.2