Time Nick Message 06:27 proller Fatal error: not enough memory - after 4 days uptime 06:27 proller ^ error from lua 06:29 proller 1G in top usage, over 9000M free memory 14:59 VanessaE ok, like an idiot I had code in here to delete old logs daily instead of rotating them, BUT - someone claims to have been able to build on one of my servers, *without interact*, and to be able to give items, without the 'give' privilege. I checked into this briefly yesterday and found no evidence of an item he claims to have dropped, for example. 15:00 VanessaE can someone please confirm if in fact the server does or does not deny actions from players that it doesn't recognize as having certain items and privs? 15:00 VanessaE (code = rm -f logfilename --- it's a leftover from my old VPS where space was extremely limited... please don't comment on this, I won't answer) 15:01 VanessaE the user in question was allegedly using a "hacked" client, along the lines of clients that are modified to allow noclip, fly, etc on servers that otherwise disallow those actions. How does this apply to give, interact, and so forth? 15:01 iqualfragile VanessaE: afaik the server checks if the client has the nescesary privileges, it even checks if the client is inside some radius when destroying a block 15:03 VanessaE this user claimed to have been able to give himself a diamond sword, which he then claimed to have dropped at the spawn on my server. When I checked the logs after that alleged event, I found no evidence of a dropped item (as I recall, such actions are logged). 15:03 iqualfragile player movement is obviously client side, as the client get the map and then operates on it 15:03 xyz this user is full of shit 15:03 iqualfragile (well, its synchronized between client and server usualy but that is changable with a modified client 15:03 iqualfragile ) 15:04 xyz ugh, github down? 15:04 xyz ah yeah 15:04 xyz poor thing 15:06 VanessaE xyz: I figured the user in question was lying, but another user claims to have picked up one or more items that the "hacker" claims to have dropped. That's what's got me a little worried. Probably all 100% pure bullshit, but I figured I should check just in case it's not. 15:07 xyz I think it's possible to fake digging times though 15:08 xyz did you check if those have the same ip? 15:10 VanessaE xyz: I didn't have the chance - I only heard about the claim of picking up the alleged dropped items after the logs had been deleted (a misfeature I've already removed) 15:10 VanessaE however, 15:10 PilzAdam you cant drop items if you dont have interact 15:10 VanessaE one of my moderators did ban the claimant 15:10 VanessaE er, 15:10 VanessaE he banned the "hacker" 15:11 iqualfragile VanessaE: wait, so you are deleting debug.txt? 15:11 VanessaE and he said that the person claiming to pick up the items did not disappear when the hacker dropped off. 15:11 VanessaE iqualfragile: I said not to ask about it. 15:11 iqualfragile just for clarification, i thought you would delete rollback.sql 15:11 VanessaE so presumably the hacker and the picker-upper have different IPs. not that that means much. 15:11 VanessaE iqualfragile: oh, fuck no. I don't touch the rollback. 15:12 xyz alias logrotate=rm -rf /var/log/* 15:12 xyz I'm sorry 15:12 iqualfragile xyz: thats my man! 15:12 VanessaE ANYWAY 15:12 VanessaE PilzAdam: see, that's what I thought - but the question is whether the *server* also denies that action. 15:12 VanessaE I assumed it did 15:13 xyz won't minetest write logs to the same file descriptor though? 15:13 PilzAdam server.cpp:2499 // Disallow dropping items if not allowed to interact 15:13 xyz PilzAdam: well it's only a comment 15:14 PilzAdam xyz, ok fine, lemme copy the whole code here to spam the channel 15:14 PilzAdam also dropping of items that the client doesnt have in the server-side inv is disallowed 15:14 iqualfragile PilzAdam: go ahead 15:15 iqualfragile PilzAdam: but what about dropping items the client _has_ in the server side inv? 15:16 PilzAdam iqualfragile, is that a serious question? 15:17 iqualfragile PilzAdam: yes. but i will add a twist: would it be possible to drop an item the player has in the server side inv and keep it in the inv? 15:17 VanessaE the user had no interact, but of course there were 30+ other players online at the time, any one of them coulda given the guy anything easily enough (drop it + the automatic item pickup from the item_drop mod) 15:17 VanessaE so him getting the item into his inventory isn't hard 15:17 VanessaE it's whether he can DO anything with it that concerns me 15:18 PilzAdam iqualfragile, no 15:18 iqualfragile good 21:23 VanessaE is there any particular reason why a texture applied as a player skin can't have a dash in the filename? 21:25 VanessaE I have been fighting with my server for an hour trying to apply a skin for a player and finally figured out that won't work because the player's name has a dash. I confirmed this is the problem "single"player mode by applying the same skin to 'testuser' and 'test-user'. what works for the first one just renders as a colored blob, or as flickering colors, or as empty/transparent when applied to the username with the dash. 21:25 VanessaE same file, merely cp'd to two different destination filenames and applied to two fresh user accounts in "single"player mode. 21:26 xyz open issue 21:26 VanessaE *facepalm* 21:27 xyz what? 21:27 VanessaE you can't just answer the question with "no, there's really no reason for it" or "yes, because X" or perhaps yes because {link here}" ? 21:27 xyz i think it's a bug 21:27 xyz but i don't know 21:27 xyz so if you want to get an answer 21:27 xyz you either repost this message every hour or whenever someone joins the channel 21:27 xyz or open an issue 21:28 VanessaE I asked it as a question because I don't know if it's a bug, I remember a lot of noise some time back about illegal/filtered-out characters in filenames and the like, and I don't remember the details, what is used where, etc etc 21:29 xyz well i tried to be helpful but you just *facepalm*'d :( 21:30 xyz i guess next time i won't even bother replying 21:30 VanessaE opening an issue now. 21:31 xyz yaay! 21:32 VanessaE https://github.com/minetest/minetest/issues/1125 21:33 VanessaE I usually don't like filing issues because they tend to go unanswered, or ignored for great lengths of time. 21:36 VanessaE there, that should be sufficient (a few edits later) 21:40 xyz ok, looking into it now 21:48 xyz VanessaE: replied 21:51 VanessaE I see it 21:53 xyz did it fix the issue for you? 21:58 VanessaE Lemme check 21:59 VanessaE (for whatever reason, it didn't occur to me to try it) 22:02 VanessaE yes, that fixed it.