[Bug 3593] New: voting system is insecure

[bugzilla-daemon at icculus.org]

http://bugzilla.icculus.org/show_bug.cgi?id=3593

           Summary: voting system is insecure
           Product: Quake 3
           Version: SVN HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P3
         Component: Misc
        AssignedTo: zakk at icculus.org
        ReportedBy: devhc97 at gmail.com
         QAContact: quake3-bugzilla at icculus.org


Could we rewrite the voting system, or just borrow the voting code from
somewhere like Tremulous? Because the current method of sending raw vote
command lines to the command interpreter is insecure and highly abusable.

An example: the command interpreter accepts semicolons and newlines as command
separators. There's a hack to work around (refuse) command lines with
semicolons, but newlines aren't checked for. Due to this I have been able to
execute arbitrary commands on the server by sending newlines in the callvote
(map, kick, etc.) command's parameters (minimum source code modification was
required). Such a command was "quit", which successfully shut down the server,
without any administrative rights whatsoever.

I will defer talking about possibilities of votekick-proof names, there are
many.

Fortunately, any decent mod (honestly, all that I've seen/tested on the master
server list), have a proper voting system.


-- 
Configure bugmail: http://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.