undefined | Better HN

0 pointsMayeulC6y ago0 comments

That sounds pretty reasonable to assume for any game, even those that are singleplayer, if they access the network.

Game code is particularly known to be "spaghetti", "code cowoy"-style, where the result is more important than the form or correctness. I mean, that's art, after all, so that seems obvious.

And do you think a lot of companies update their games after they are out? Most often, the code is definitive, refactors are out of the question, etc. I've never seen a bug that fixes a security issue (CVE), let alone for old titles.

And that's when RCE is not by design. It is in Garry's mod, but that's for client-side mode scripted with lua, so theoretically sandboxed. Unreal Tournament 99 though, has plenty of servers that put some dlls for "anti-cheat" software on your computer before you join. That one probably sn't sandboxed.

While we talk about anti-cheat software, can we think a moment about everything that could go wrong with a piece of software that has a very deep access to the system, is sometimes in-house, and not necessarily audited, and whose functionality often includes:

* downloading challenges from servers, patch them into RAM and see what happens

* scan the RAM of the whole system, plus the filesystem, for known exploits

* upload parts of that RAM and filesystem to random servers for analysis

* take screenshots, log keypresses, monitor the system and upload all of this.

Takeaway: sandbox your games. There's a reason I run Steam in a flatpak, on Wayland... Convenience is part of it, but that's not the main one.

0 comments

11 comments · 2 top-level

gbrown6y ago· 8 in thread

> Unreal Tournament 99 though, has plenty of servers that put some dlls for "anti-cheat" software on your computer before you join.

People put up with that?

therealidiot6y ago

For reference, the anti-cheat plugin usually used by Unreal Tournament servers is AntiCheatEngine ("ACE")

https://ace.ut-files.com/index1a8f.html?p=about

d1zzy6y ago

Battle.net has been doing that since day 1, so if you played any game on Battle.net you have downloaded server provided code and executed locally with the privileges of the user running the game.

(when a client connects to a battle.net server, one of the early handshake steps is to download a fixed named MPQ file, which is a Blizzard proprietary archive protocol which contains a DLL that is loaded and a certain fixed named function runs from it, which will checksum your client binary and send the result to the server to compare and allow you to progress further)

AgentME6y ago

I think there's a big difference between the game downloading a DLL straight from the game developers (not all that different from an update) and a game downloading a DLL from a random server you join (that could be run by anyone that you have no reason to trust and that you don't realize you're giving them full read-write access to your computer).

1 more reply

Kaze4046y ago

People are defending Riot Games installing an anti cheat driver, so that's not very surprising if you ask me.

gruez6y ago

Not just that, the driver starts on boot and stays running even when the game isn't running.

1 more reply

ThrowawayR26y ago

Better than putting up with cheaters ruining the game.

Karunamon6y ago

Even if you actually believe this, Riot is not known for their high-quality code. This sounds a bit snarky but is entirely serious: Giving games root rights is bad enough, I absolutely don't want to run anything in kernel space from the same people who wrote the client for League of Legends.

And it's not even about trusting that Riot are not bad actors, tencent conspiracy nonsense aside, it's about leaving that trash running with that level of access in a way that some malicious process could use to elevate its permissions. That is the (ab)use case that worries me.

bzb36y ago

As someone who plays CSGO, I agree with you. I wish valve did something like this. I'm tired of matches getting ruined by cheaters, which happens very often.

ccouzens6y ago· 1 in thread

> sandbox your games. There's a reason I run Steam in a flatpak, on Wayland

If flatpak works perfectly, I suppose an attacker could still steal the "cookie" that automatically logs you into Steam.

Ideally you want Steam to be sandboxed, and then Steam to in turn run all the games in individual sandboxes.

MayeulCOP6y ago

I agree, and that's unfortunate, but I value it far less than I value the integrity of my computer and the data on it.

Steam itself has an interesting "Linux runtime" option for games, but it is unclear if that isolates things more than the status quo.

I don't know what I could do, short of replacing every executable in the steam directory with something that uses a mount namespace or a similar restrictive mechanism before launching the actual executable. Inject a modified libc to perform this on steam's exec call? I think the ball is in Valve's camp to improve this.

j / k navigate · click thread line to collapse

0 comments

11 comments · 2 top-level

gbrown6y ago· 8 in thread

> Unreal Tournament 99 though, has plenty of servers that put some dlls for "anti-cheat" software on your computer before you join.

People put up with that?

therealidiot6y ago

For reference, the anti-cheat plugin usually used by Unreal Tournament servers is AntiCheatEngine ("ACE")

https://ace.ut-files.com/index1a8f.html?p=about

d1zzy6y ago

Battle.net has been doing that since day 1, so if you played any game on Battle.net you have downloaded server provided code and executed locally with the privileges of the user running the game.

AgentME6y ago

1 more reply

Kaze4046y ago

People are defending Riot Games installing an anti cheat driver, so that's not very surprising if you ask me.

gruez6y ago

Not just that, the driver starts on boot and stays running even when the game isn't running.

1 more reply

ThrowawayR26y ago

Better than putting up with cheaters ruining the game.

Karunamon6y ago

bzb36y ago

As someone who plays CSGO, I agree with you. I wish valve did something like this. I'm tired of matches getting ruined by cheaters, which happens very often.

ccouzens6y ago· 1 in thread

> sandbox your games. There's a reason I run Steam in a flatpak, on Wayland

If flatpak works perfectly, I suppose an attacker could still steal the "cookie" that automatically logs you into Steam.

Ideally you want Steam to be sandboxed, and then Steam to in turn run all the games in individual sandboxes.

MayeulCOP6y ago

I agree, and that's unfortunate, but I value it far less than I value the integrity of my computer and the data on it.

Steam itself has an interesting "Linux runtime" option for games, but it is unclear if that isolates things more than the status quo.

j / k navigate · click thread line to collapse