Re: [Gccg-devel] More Excellent News

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, 20 Feb 2004, Joshua Delahunty wrote:

> Tommi, please let me know how and when we can proceed with this (one is
> up now, the other will take some weeks for me to get configured).

Great!

First i must warn that i am almost sure, that the weak spot was
gccg-server itself. I am investigating it further. Soon after the
intrusion date i made a fix, which prevented the crash i suspect was used
to launch local shell. I don't have my CVS up yet, i can't examine the
code before and after the fix. I'd like to do that before proceeding the
temporary server project. I must say that i was very naive, since my
security policy was approximately "local holes aren't urgent, since people
with account are nice and all services are updated 4 times a day. Gccg is
open, but nobody wants to attack it, since it is GOOD THING."

The code review is actually much faster than i thought. Every page of the
code is imprinted to my brains and i can scan pages rather quickly. I have
already checked few files and they were ok. Unfortunately, i decided to
make full reengineering to my whole computing set up (moving disks around,
new backup systems, rethinking firewalls, moving to modern kernel
features, etc.) and that requires lot of time. I wanted to do it long time
ago, but i was unable to do it due to gccg (requires lot of downtime).
Complete reinstall wasn't bad either, since the system was installed as
Debian ~1.0 and living in 3rd hardware generation (copying always from old
disks to new). The OS has been upgraded to the next major version 3 times
IIRC. The system had tons of obsolete files and useless crap made during
my Linux-newbie era. Never had enough time to clean it up manually. Now i
am bringing services back one by one bringing only "good stuff" back from
the old configurations.

The server transfer is easy. Just launch server system. There is half-made
configuration metw_system.conf which works, but lot of features could be
added. After checking that simple config, the system is up by

	./ServerLaunch metw_system.conf

One important feature missing is the configuration of the meta server for
tables. ServerLaunch needs to suppport feature

	server=something.else.com

to be generally usable. Localhost does not work, since tables must connect
to the public ip even if running on the same machine. Even better meta
server fix would be automatic address translation for tables connecting
from localhost, but i haven't done that yet. Now tables from localhost are
offered as 127.0.0.1 to clients and that is not very good thing :)

After test launch, the server creates directory structures needed. Then
just shut down the system and replace the content of

	save/Metw/

directory with the copy from my server. Then relaunch and everything is as
it was before including savegames. Well, i must build the system first and
check that data is ok. I saved everything when my 2nd processor started
heatening, but the system didn't shutdown properly. BIOS took the system
off power during shutdown, since the processor heatened over the limit.
The server data looks ok, though.

If you need to transfer savegames, just move files

	save/Metw/savegame.*

to the another game server. The meta server took around 80M RAM at max.
Perhaps less, i don't remember if the metw server was running my new code
which is a bit more economical than the old one. I used to test new code
in mtg, since it isn't as frustrating to lose a quick mtg duel due to a
server bug as it would be to lose 2-3 hour metw game in the last rounds.
(Now talking first real world tests, naturally i test everything at Lotr
currently before use.) Each game server eats 5-10M, i don't remeber
for sure.