Making a MOD Kill switch...?

Discussion forum for MOD Writers regarding MOD Development.
User avatar
MasterZ
Registered User
Posts: 712
Joined: Wed Sep 24, 2003 5:33 am
Contact:

Making a MOD Kill switch...?

Post by MasterZ » Sat Jul 03, 2010 11:06 pm

Is there anything wrong with making a kill switch for certain versions of my MOD?

I recently released a MOD with a security vulnerability, and after patching it and releasing the new version almost nobody upgraded.

So my idea is to have a way to disable certain versions of a my MOD that have security or other major vulnerabilities. In such a case I can disable version 0.1.0 and anybody with that version installed will get a disabled message with instructions to upgrade to a safe version, even if it does not happen to be the latest version.

I just wanted other mod author's opinion on if this would be a good idea or not.

User avatar
Highway of Life
Former Team Member
Posts: 6048
Joined: Wed Feb 02, 2005 5:41 pm
Location: Spokane, WA
Name: David Lewis
Contact:

Re: Making a MOD Kill switch...?

Post by Highway of Life » Sun Jul 04, 2010 12:33 am

Best thing to do would be to build in a version checker. I’m not a fan of remote kill. But with a version checker, you could notify the admin in various ways. Notification on the board, a PM, even an e-mail if you wanted.
The phpBB Weekly Podcast - Discussing the developments of phpBB4 and beyond.

New to phpBB3? Want to learn about programing?
Visit phpBB Academy at StarTrekGuide to learn how.

User avatar
3Di
Former Team Member
Posts: 13791
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Making a MOD Kill switch...?

Post by 3Di » Sun Jul 04, 2010 1:13 pm

At the end of all I think a kill-switch in this cases it is a good idea, I mean.. if there is a known security hole then why not to be able to disallow the MOD's behaviour?

Once again: good idea, just thinking how to implement it, though. :geek:
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
Brf
Support Team Member
Support Team Member
Posts: 51726
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Making a MOD Kill switch...?

Post by Brf » Sun Jul 04, 2010 1:21 pm

You would have a very difficult time building a kill-switch that the user does not install, since that is your problem -- users who are not installing your updates.

User avatar
3Di
Former Team Member
Posts: 13791
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Making a MOD Kill switch...?

Post by 3Di » Sun Jul 04, 2010 1:25 pm

Brf wrote:You would have a very difficult time building a kill-switch that the user does not install, since that is your problem -- users who are not installing your updates.
The point is: the user MUST instal the update or else the MOD doesn't work anymore. Like un-installed. My guess..
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
Brf
Support Team Member
Support Team Member
Posts: 51726
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: Making a MOD Kill switch...?

Post by Brf » Sun Jul 04, 2010 1:29 pm

But the user is asking how to do that for a mod which already exists, and is installed on users' boards.
How would he make a kill-switch for that mod, which already exists, but the users will not update?

User avatar
3Di
Former Team Member
Posts: 13791
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Making a MOD Kill switch...?

Post by 3Di » Sun Jul 04, 2010 1:34 pm

Brf wrote:But the user is asking how to do that for a mod which already exists, and is installed on users' boards.
How would he make a kill-switch for that mod, which already exists, but the users will not update?
Yep, re-reading the topic starter I see that. Well, it is a good idea but in this case I think there is nothing to do, if the user do not want to install the update (that hopefully contains the code for the kill-switch) then we are making speechees for nothing, I guess.

Good idea it is to make MODs that HAVE the kill-switch, though.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
MasterZ
Registered User
Posts: 712
Joined: Wed Sep 24, 2003 5:33 am
Contact:

Re: Making a MOD Kill switch...?

Post by MasterZ » Sun Jul 04, 2010 1:42 pm

Brf wrote:But the user is asking how to do that for a mod which already exists, and is installed on users' boards.
How would he make a kill-switch for that mod, which already exists, but the users will not update?
Obviously I cannot do that for a Mod that is using an old version, but if I did install something like that it would only be in effect for future versions.
Highway of Life wrote:Best thing to do would be to build in a version checker. I’m not a fan of remote kill. But with a version checker, you could notify the admin in various ways. Notification on the board, a PM
This is probably the way I will go. Just need to learn how ot make a version checker, I have never done aything with remote files before. :)

Thanks for the discussion everyone.

User avatar
3Di
Former Team Member
Posts: 13791
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Making a MOD Kill switch...?

Post by 3Di » Sun Jul 04, 2010 2:01 pm

MasterZ wrote: Just need to learn how ot make a version checker, I have never done aything with remote files before. :)

Thanks for the discussion everyone.
You know, phpBB3 already have a version checker built-in, you only need to modify it in order to fit your needs. I mean: phpBB checks, at every connection, if it is updated or not, in case it displays a warning (red box).. have a look to there, in the ACP's code. ;)
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
MasterZ
Registered User
Posts: 712
Joined: Wed Sep 24, 2003 5:33 am
Contact:

Re: Making a MOD Kill switch...?

Post by MasterZ » Sun Jul 04, 2010 3:45 pm

Thanks, I might do that, or just rely on Handyman's Mod Version checker MOD.

User avatar
3Di
Former Team Member
Posts: 13791
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Making a MOD Kill switch...?

Post by 3Di » Sun Jul 04, 2010 3:52 pm

MasterZ wrote:Thanks, I might do that, or just rely on Handyman's Mod Version checker MOD.
phpBB's code FTW, you know? :ugeek:
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
igorw
Former Team Member
Posts: 8024
Joined: Fri Dec 16, 2005 12:23 pm
Location: {postrow.POSTER_FROM}
Name: Igor Wiedler

Re: Making a MOD Kill switch...?

Post by igorw » Sun Jul 04, 2010 6:21 pm

From a consumer perspective kill switches are usually quite a big deal. Like kindle, iphone, android. Of course, it's a slightly different story with MODs. For one it's all open source, the kill switch it can easily be removed. And it's not actually removing the MODs, it's just temporarily deactivating them. So I guess the idea does have potential.

If such a feature were to be added, it should IMO be fully optional. Basically a config setting "auto-deactivate insecure MODs". One issue of the implementation is that there's no easy way to deactivate a MOD in most cases due to the amount of code edits. Adding conditionals everywhere is pretty ugly. It would be easier with a pluggable system, since you can simply disable the plugin. Such a system would probably best fit right into the core of the phpBB plugin system (some future version).

One of the main questions is "who should be able to kill a MOD". I would let the MOD author specify an URL that returns a JSON response with status information. phpBB.com would then provide a service for these "kill switches", so MOD authors may use phpBB.com, but they don't have to. The board would periodically (once per day) check that URL and notify the admin in case of deactivated MODs.

But I think the kill switch is just one part of the whole thing. The main issue here is notification of security issues in MODs. It is possible to get notifications for new versions of MODs on phpBB.com. But there is no public list of insecure MODs or vulnerabilities, so it's impossible to see easily whether you are affected. And MOD authors cannot learn from the other people's mistakes. This could be improved, more transparency in this area could help to make the community more aware of such security issues.
Igor Wiedler | area51 | GitHub | trashbin | Formerly known as evil less than three

User avatar
MasterZ
Registered User
Posts: 712
Joined: Wed Sep 24, 2003 5:33 am
Contact:

Re: Making a MOD Kill switch...?

Post by MasterZ » Sun Jul 04, 2010 6:41 pm

Thanks for the great response.
eviL<3 wrote:Like kindle, iphone, android. Of course, it's a slightly different story with MODs. For one it's all open source, the kill switch it can easily be removed. And it's not actually removing the MODs, it's just temporarily deactivating them.
That was my thought exactly.
eviL<3 wrote:Basically a config setting "auto-deactivate insecure MODs".
That would be part of the plan
eviL<3 wrote:One issue of the implementation is that there's no easy way to deactivate a MOD in most cases due to the amount of code edits. Adding conditionals everywhere is pretty ugly.
My Mod already has an enable/disable config setting, and I'm planning on building that into all of my MODs already, so if there were a kill switch then all that would have to happen is to set the enabled config setting to false.

It would be great if phpBB.com got behind this and was able to have some control over it. Making it an officially supported feature would help secure all users and their forums.

User avatar
imkingdavid
Former Team Member
Posts: 2667
Joined: Sun Jul 26, 2009 7:59 pm
Location: EST
Name: David King

Re: Making a MOD Kill switch...?

Post by imkingdavid » Mon Jul 05, 2010 12:13 am

Personally, I don't like the idea of deactivating a MOD remotely. Even though there's a security issue, what if the admin was using that MOD right at that moment for something legitimate and then the next second it was gone without explanation?

I think a better option is something I saw in (I think) the gallery MOD. It shows an "Out of date" message to administrators (much like the board disabled message in the red box at the top when you're logged in as a staff member). This can be adapted to show important updates like if there is a major security issue.

As for eviL<3's idea, the only issue is if the URL they provide goes down, then it will just always return false so the MOD will always be disabled. Maybe having the URL provided by phpBB.com or something but the MOD author can control the version information on it? Or maybe I'm misunderstanding what you're saying.
Don't forget to smile today. :)
Please do NOT contact for support via PM or email.
Remember, the enemy's gate is down.

User avatar
MasterZ
Registered User
Posts: 712
Joined: Wed Sep 24, 2003 5:33 am
Contact:

Re: Making a MOD Kill switch...?

Post by MasterZ » Mon Jul 05, 2010 1:17 am

imkingdavid wrote:As for eviL<3's idea, the only issue is if the URL they provide goes down, then it will just always return false so the MOD will always be disabled.
You can make it only disable the mod if it connects to the distant end and gets a disable signal.

But I think from now on I will just use Handymans mod version check mod.

Locked

Return to β€œ[3.0.x] MOD Writers Discussion”