Scoring/progress too easy to modify

Question

Scoring/progress too easy to modify

jondkent opened this issue 5 years ago · comments

Its probably far too easy to modify the current tracking approach to progress and hint scoring, as all you need to do is:

apt update && apt -y install vim
vi /progress.json

and modify as needed.

Alternatively, log in as root to the Bastion host and modify:

/home/ubuntu/progress.json

That method is potentially more sneeky

Perhaps just base64 encoding this is enough to put off most people from being tempted to modify the file? Other option could be to md5 the file everytime it is written to (base64 or ascii) to belt and brace it.

github-actions · Answer 1 · Wed Apr 01 2020 08:10:26 GMT+0800 (China Standard Time)

Dying issue, will be closed soon

Jon Kent · Answer 2 · Fri Apr 03 2020 17:35:21 GMT+0800 (China Standard Time)

removed dying label

Sam Irvine · Answer 3 · Wed Sep 30 2020 01:17:59 GMT+0800 (China Standard Time)

I've had a bit of a look at it the ticket afternoon and I think we need a decent plan of how much effort we want to put in to dis-incentivise this. The smaller ideas such as base64 the file would still require a decent amount of effort and code change.

If we are happy investing more time in this then a git based solution might work as it'd be non-obvious to someone attempting to edit the file. We could also monitor the file with something like falco to force a restart if it's edited or read by a binary that's not the tasks manager.

Those are a few ideas but an actual design might be useful, there's a lot of way to do this and we need to narrow down our objectives for the feature. As well as how involved the solution might be.