Revoked privileges cause problems with privilege-dependent items

mt-mods / otp

(t)otp mod for minetest

Other

2 stars 1 forks source link

Revoked privileges cause problems with privilege-dependent items #1

Open SwissalpS opened 1 year ago

SwissalpS commented 1 year ago

see: https://github.com/pandorabox-io/in-game/issues/324

in a nutshell: some items are priv dependant and get removed during login as privs are revoked.

S-S-X commented 1 year ago

To reduce significantly what can be done while still having privileges could be:

revoke just interact, keep all other privileges.
override chat command handler to do simple player name check, if player is in middle of otp authentication just cancel all commands (or possibly just allow few whitelisted commands).

That should keep it compatible with almost everything as it does not need mod / command / thing specific overrides and will keep privileges but instead directly removes actual functionality until auth is done.

Freezing player / protecting player in addition to this will be useful too. One bit complicated but fool proof mechanism would be single safe protected location in map where players would be teleported on login and teleported back to original position immediately after auth is done. Complicated because it involves actual protected in world location, kind of like what those jail mods offer.

BuckarooBanzay commented 1 year ago

revoke just interact, keep all other privileges.

~~you could still execute malicious chat-commands that way :/ (//lua comes to mind)~~

in a nutshell: some items are priv dependant and get removed during login as privs are revoked.

~~my proposal (because the moderator-armor does the drop-action) would be to add an api to the otp mod and let the moderator_armor fetch the revoked privs of the player if they are in an otp session~~

S-S-X commented 1 year ago

you could still execute malicious chat-commands that way :/ (//lua comes to mind)

You probably missed my proposal to override all chat command handlers and disable every chat command directly?

So you could run any chat command but every command would return say Chat commands are disabled until authentication is completed. Not 100% sure about this but It should be as simple as swapping first core.registered_on_chat_messages to handler that checks if player has entered otp or not and cancels real first handler returning error message.

I'm pretty sure it is single entry point for every possible chat input unless if there is some very special commands implemented in engine c++ core, not aware of any such thing.

BuckarooBanzay commented 1 year ago

You probably missed my proposal to override all chat command handlers and disable every chat command directly?

yeah, i was in a hurry and missed that part, sorry. This does make sense :+1: