Requesting source code for the security module

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Requesting source code for the security module

    To Baker: I could not find your e-mail address, so I'm posting this here instead.

    Good Sir.

    Here is the part I was thinking of, when asking for the source to the security module a couple of days ago:

    2.
    b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

    GNU General Public License v2.0 - GNU Project - Free Software Foundation (FSF)
    From the FAQ:
    If I add a module to a GPL-covered program, do I have to use the GPL as the license for my module?

    The GPL says that the whole combined program has to be released under the GPL. So your module has to be available for use under the GPL.

    If a program released under the GPL uses plug-ins, what are the requirements for the licenses of a plug-in?

    It depends on how the program invokes its plug-ins. If the program uses fork and exec to invoke plug-ins, then the plug-ins are separate programs, so the license for the main program makes no requirements for them.

    If the program dynamically links plug-ins, and they make function calls to each other and share data structures, we believe they form a single program, which must be treated as an extension of both the main program and the plug-ins. This means the plug-ins must be released under the GPL or a GPL-compatible free software license, and that the terms of the GPL must be followed when those plug-ins are distributed.

    If the program dynamically links plug-ins, but the communication between them is limited to invoking the ‘main’ function of the plug-in with some options and waiting for it to return, that is a borderline case.

    Frequently Asked Questions about the GNU Licenses - GNU Project - Free Software Foundation (FSF)
    Well this is no borderline case. The security module is not a "fire and forget" fork/exec thing. It is dynamically linked and thus shares the same execution context as the GPL'd Quake engine (it becomes one with the engine), function calls are made, data is shared and communication is not limited to just invoking the main function and waiting for it to return. Furthermore there are a lot of places in the ProQuake sources where the security module is present in one way or another. It even has its own security.c/security.h files along with the rest of the ProQuake source files. As far as the GPL is concerned you can't just sneak around it like that. The full source code must be provided. In fact, there is only one special exception to this, and it concerns:

    "... anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, ..."
    ... and the security module clearly does not fit that category.

    If not distributing the source code for the security module does not violate the GPL then one could add almost arbitrary modifications to a GPL'd program, in the form of modules or plug-ins, and even redirect function calls to them if they are loaded (RPCs and pipes also come to mind), without releasing any module/plug-in sources. The program would function just fine without the modules (and without the modifications). This would of course go against the very point of the GPL.

    In my personal opinion, making a Quake server that has a mode in which it will only accept connections from certain clients, without giving the server administrator the chance of choosing 'which' clients and without giving developers adequate information about how to connect with their own clients, breaks the spirit of the GPL (at least GPL-3). It's a form of tivoization, in which software (instead of hardware) prevents users from running modified versions of GPL'd software.

    Furthermore there is the trust part. How can anyone trust a security module, whose source code is not available for inspection? How can we be sure there aren't any backdoors or anything similar? Without the source code, we can't. Well, perhaps a Company could be somewhat trustworthy. After all, a company could lose money if they tried anything like that. My point is: Security through obscurity... isn't.

    I hope I have persuaded you to respect the GPL and do the right thing.

    With Best Regards

    // Cortex

  • #2
    Cortex you are throwing poop at the zoo keeper demanding to be fed first.

    If you download the 3.10 source code of ProQuake http://chris.ruvolo.net/proquake/3.10/ you will find the source to the security feature, that was not packaged in a DLL. Some values/mechanics were changed when it was put in a DLL so it currently can't be hacked, but for the pure functionality of the method used, you can derive your own cheat-free, though incompatible. Unless you are just trying to make a hack for an obsolete DLL.

    Sorry Baker, I just didn't want the milk to boil over.
    Last edited by R00k; 06-19-2009, 12:11 PM.
    www.quakeone.com/qrack | www.quakeone.com/cax| http://en.twitch.tv/sputnikutah


    • #3
      :f


      • #4
        Originally posted by R00k View Post
        Cortex you are throwing poop at the zoo keeper demanding to be fed first.
        Ad hominem - Wikipedia, the free encyclopedia

        Originally posted by R00k View Post
        If you download the 3.10 source code of proquake ...
        Ignoratio elenchi - Wikipedia, the free encyclopedia

        Originally posted by R00k View Post
        Sorry Baker, I just didn't want the milk to boil over.
        Wat?


        • #5
          I am not the author of the ProQuake security module and have never made any modifications to it.

          Therefore, I have no obligations to anyone nor shall I ever have.

          You are free to take the issue up with the author of the security module, but that is not me.

          Considering that Neil can unfortunately bot on ProQuake cheat-free servers, as much as I think Grossman's work is the foundation of this Quake community I question the value of ProQuake cheat-free in this day and age and don't advocate it.
          Quakeone.com - Being exactly one-half good and one-half evil has advantages. When a portal opens to the antimatter universe, my opposite is just me with a goatee.

          So while you guys all have to fight your anti-matter counterparts, me and my evil twin will be drinking a beer laughing at you guys ...


          • #6
            Btw, I don't mind answering your questions regarding the GPL.

            But the fact I'm not the author of the security module makes this a rather open-and-shut case that your argument isn't with me.

            And some people like to argue with people who are accessible and that they know, but literally with me not being the author of the security module I just wanted you to be aware that that is truly a dead-end if you want to state I have an obligation on something I didn't author.

            As Rook stated, ProQuake 3.10 had a cheat-free mode that DID violate the GPL. John Carmack got on his case and JPG modified ProQuake to externalize all security features and create a GPL-compliant ProQuake 3.20 (not unlike Warsow; the security module is not required to play nor is it linked to the executable during the compilation process) and then released the source to ProQuake 3.10 like the GPL required.

            You mentioned TIVO; TIVO does not violate the GPL 2.0. The GPL 3.0 was made to prohibit TIVO-like creations, but the Quake source was released under the GPL 2.0.

            • #7
              One thing I do think is important is that I think people who are a member of the community SHOULD feel free to ask questions.

              The Quake community belongs to the Quake community, not specific individuals and that is what makes the Quake community a great place.

              I think the best solution would be to remove cheat-free from crmod.com and believe me I've tried!

              2 years ago I managed to get cheat-free removed from 13 servers.

              Cheat-free never protected against the opengl32.dll hacks --- anti-wallhack sure does though. And since Neil figured out some way to bot on cheat-free, I view the only purpose of cheat-free is to exclude other clients from playing.

              • #8
                Originally posted by Baker View Post
                As Rook stated, ProQuake 3.10 had a cheat-free mode that DID violate the GPL. John Carmack got on his case and JPG modified ProQuake to externalize all security features and create a GPL-compliant ProQuake 3.20 (not unlike Warsow; the security module is not required to play nor is it linked to the executable during the compilation process) and then released the source to ProQuake 3.10 like the GPL required.
                how do u know random stuff like this bakemaster?


                • #9
                  For some of us this is commonplace knowledge, especially in the "Clan Arena" crowd... CA has been littered with such a variety of flavored hacks that it makes Ben & Jerry's ice cream look like it's your basic Neapolitan ice cream.

                  The sad part is that I'd bet 75% of those hacks were created by Neil, when it comes to circumventing the security.dll.

                  Also, did Baker have some sort of sign attached to his forehead that read "Gullible"? rofl
                  Honestly, that's fucking hilarious you threatened Baker with the GPL and had no fucking clue he had nothing to do with the module. Honestly, you're retarded Cortex. Next time do your homework. Seriously, you made 3 posts and one of them was this one. I normally am not as rude to newcomers as this, but you sooooooo had that coming. You should be slapped into next year for this.
                  Want to get into playing Quake again? Click here for the Multiplayer-Startup kit! laissez bon temps rouler!


                  • #10
                    baker knows best

                    GPL's important folks!

                    Quake history isn't bad to know either...
                    Gnounc's Project Graveyard Gnounc's git repo


                    • #11
                      Originally posted by Baker View Post

                      Considering that Neil can unfortunately bot on ProQuake cheat-free servers, as much as I think Grossman's work is the foundation of this Quake community I question the value of ProQuake cheat-free in this day and age and don't advocate it.
                      This is true and false. I never actually finished hacking cheat-free; once I figured out opengl32.dll worked I just used that and wrote an extremely shitty vector-based bot, but it was never (NEVER) given out. However, there was an opengl32.dll getting passed around which was for Counter-Strike but had the option to "Aim At: Anything". It was not perfect BUT it did work. If you were to continue with the Cheat-Free project I think you would be more successful now, especially with the anti-wallhack.

                      Originally posted by Baker View Post

                      Cheat-free never protected against the opengl32.dll hacks --- anti-wallhack sure does though. And since Neil figured out some way to bot on cheat-free, I view the only purpose of cheat-free is to exclude other clients from playing.
                      While anti-wallhack was an extreme blow to the cheaters/hackers, it is not 100%. But enough about that: if you can add and remove clients from the list of authorized clients inside the qsecurity.dll, I don't see why you can just whip out the CRCs for qrack/proquake/dp/whatever and include them and attempt at least to block modified clients.

                      Originally posted by Mindf!3ldzX View Post

                      The sad part is that I'd bet 75% of those hacks were created by Neil, when it comes to circumventing the security.dll.
                      I was not the only one. In fact, after learning about the use of opengl32 wrappers, lord havoc let me know of a MUCH easier and more effective way to get un-certified clients into cheat-free servers, and the other guy, snd or sdn or whatever his name was, wrote a proxy DLL for it, but he is not gone and his source forgotten.


                      • #12
                        I spent a couple of hours looking at the 3.10 source when I first saw it in late 2004, to see if there were exploits. I figure you could somehow use a listen server to proxy through, and bailed on trying to invent a qsecurity for Qrack. Close to what Neil suggests, with a CRC database, but if u crack the encryption of the packets then you can falsify any value. Programming bots though is big business for things like NASA robots, to AI in the next-gen games. The code to aim bots is the easiest, the navigation is the real trick. I do like playing against Frikbots though.

                        • #13
                          Originally posted by Mindf!3ldzX View Post
                          Also, did Baker have some sort of sign attached to his forehead that read "Gullible"? rofl
                          Honestly, that's fucking hilarious you threatened Baker with the GPL and had no fucking clue he had nothing to do with the module.
                          Wait, hold up.

                          If someone sincerely believes the GPL is being violated -- and I do believe Cortex believed/believes this -- he has every right to lodge a complaint.

                          He did it in the forums, which is the best possible place for a fair and open discussion on the matter.

                          And if he still believes somehow I am in the wrong I would be more than willing to continue explaining in the forums.

                          I've been wrong before, you've been wrong before, everyone has been wrong before. We're all friends here and all like Quake.

                          • #14
                            I'm wrong all the time


                            • #15
                              Thx for standing up to Mindf!3ldzX Baker. I sincerely do believe the GPL is being violated.

                              Originally posted by Baker
                              I am not the author of the ProQuake security module and have never made any modifications to it.
                              Therefore, I have no obligations to anyone nor shall I ever have.
                              Originally posted by Baker
                              But the fact I'm not the author of the security module makes this a rather open-and-shut case that your argument isn't with me.
                              Originally posted by Baker
                              ...with me not being the author of the security module I just wanted you to be aware that that is truly a dead-end if you want to state I have an obligation on something I didn't author.

                              Sir, I believe you are in error; it doesn't quite work that way. The GPL is not so much concerned with who wrote what, as it is with who distributes what.

                              You see, section 2 b) says
                              Originally posted by GPL v2 section 2 b)
                              You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
                              It does not say
                              Originally posted by /dev/null
                              You must cause any work that you distribute or publish, provided you are the author or have made any modifications to said work, ...

                              Under section 2 of the GPL v2:
                              Originally posted by Section 2 of the GPL v2
                              These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

                              Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
                              GNU General Public License v2.0 - GNU Project - Free Software Foundation (FSF)

                              And in my first post I argued that the security module is indeed a part of the whole.

                              The FAQ says:
                              Originally posted by GPL v2 FAQ
                              Can I release a modified version of a GPL-covered program in binary form only?

                              No. The whole point of the GPL is that all modified versions must be free software—which means, in particular, that the source code of the modified version is available to the users.

                              I downloaded just the binary from the net. If I distribute copies, do I have to get the source and distribute that too?

                              Yes. The general rule is, if you distribute binaries, you must distribute the complete corresponding source code too. The exception for the case where you received a written offer for source code is quite limited.
                              Frequently Asked Questions about the GNU GPL v2.0 - GNU Project - Free Software Foundation (FSF)

                              Concerning what JPG did after Carmack got on his case... I honestly don't think JPG did create a GPL-compliant ProQuake, by the same argument as I laid out in my first post.

                              TIVO: I never said that tivoization violates the GPL 2.0. All I said was that it breaks its spirit in my personal opinion.
