╔══════════════════════════════════════════════════════════════╗
║ ║
║ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ██╗███████╗ ║
║ ██╔══██╗██╔════╝ ██╔══██╗██║ ██║ ██║██╔════╝ ║
║ ██████╔╝██║ ███╗██████╔╝██║ ██║ ██║███████╗ ║
║ ██╔═══╝ ██║ ██║██╔═══╝ ██║ ██║ ██║╚════██║ ║
║ ██║ ╚██████╔╝██║ ███████╗╚██████╔╝███████║ ║
║ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝ ╚═════╝ ╚══════╝ ║
║ ║
║ v2026.1.1 - by Tony Mattke aka tonhE ║
║ ║
╚══════════════════════════════════════════════════════════════╝
Note
This repository is not an official repository maintained by the original Playground+ developers. It is a community effort to modernize and preserve the PG+ codebase. The companion playground-plus-patches repository is also unofficial.
Caution
Security bulletin — HCAdmin login flow
Two vulnerabilities affect talkers with HCAdmin names defined in config.msg that lack active pfiles:
- Unlimited password attempts against the HC password challenge — no rate limiting or lockout.
- HCAdmin privileges granted before password verification — connecting clients are momentarily treated as HCAdmin before
check_hcadmin_pwruns.
Both are fixed in v2026.1.1. Operators running prior or modified PG+ codebases should review the writeup and apply the patches: playground-plus#2.
The classic talker server, modernized for 2026.
Playground Plus is a multi-user chat server ("talker") with a rich history stretching back to the early 1990s. Originally built on the EW-Too codebase, it evolved through Summink and Playground 96 into Playground+, which became one of the most widely deployed talker platforms of its era.
This release brings PG+ into the modern age. It builds cleanly on current 64-bit Linux systems with zero errors and zero warnings, fixes critical security vulnerabilities, and replaces deprecated system APIs - all while preserving the talker experience that operators and users know.
Released 30th April 2026
- HCAdmin login flow hardened — see the security bulletin above and playground-plus#2 for full details. Three changes:
- HC password challenge now fires only when the named hcadmin has no pfile (saved hcadmins authenticate via their pfile password as expected).
- HCAdmin privileges (
HCADMIN_INIT,ressied_by) are now granted only after a successful HC password match, gated on a newHC_AUTHsession flag — never on name match alone. - Per-IP failure tracking with a 10-minute lockout after 5 failed HC password attempts (
add_ip_fail/is_ip_lockedinsocket.c); enforced at connection accept.
Released 8th February 2026
- Password hashing upgraded from DES to SHA-512 via
crypt(), with backwards-compatible login for existing DES hashes and an automatic upgrade prompt for users - Command injection vulnerability fixed in the email welcome feature -
system()replaced withfork()/execlp()so crafted email addresses cannot execute shell commands - Buffer overflow protection across the codebase -
sprintf()replaced withsnprintf()in admin, commands, glue, plists, and room code - Intercom hardening - buffer overflows patched,
strcpyreplaced withstrncpy, division-by-zero guard added,vsprintfreplaced withvsnprintf, and non-null-terminated packet data fixed - Format-string vulnerabilities —
printf(stack)and similar calls allowed format-string attacks. Changed toprintf("%s", stack)across multiple files (17+ locations). - Command injection in email —
system()call incommands.cpassed user-controlled data (email,inet_addr) into a shell command without sanitization. vsprintf()stack buffer overflows — Unboundedvsprintf()into 150-byte buffers replaced withvsnprintf()throughout.strcpy()buffer overflows — Numerous unboundedstrcpy()calls into fixed-size buffers replaced with bounds-checked alternatives.
- 100% CPU busy-spin —
select()had a zero timeout, causing the main loop to spin continuously. Added a 200ms timeout for proper pacing. - 64-bit pointer truncation — Pointer-to-int casts throughout the codebase silently truncated addresses on 64-bit systems, causing crashes and memory corruption. Fixed across 10+ files by using proper pointer subtraction and
%p/%zuformat specifiers. - Hardcoded ROOT path — Boot would fail immediately due to a wrong hardcoded install path in
root.h. - Deprecated
sigpause(0)— Legacy BSD call in the main event loop did nothing on modern glibc; removed.
gethostbyname/gethostbyaddrreplaced withgetaddrinfo/getnameinfoin both the talker and intercom server - the old functions are removed in some modern libc implementationsselect()replaced withpoll()to remove theFD_SETSIZE1024 file descriptor limit- Byte-at-a-time socket reads replaced with 4KB bulk buffered reads for a massive performance improvement
SIGCHLDhandler calledfatal_error()— Intercom crashed every time a child process exited normally. Replaced with properwaitpid()reaping.- Broken
callocmacro — A trailing semicolon in the#definebroke allif/elseblocks usingcalloc. - Network data never null-terminated —
strcpy()on raw packet data read past buffer boundaries. Replaced withmemcpy+ explicit termination. - 6
vsprintf()stack overflows — All replaced withvsnprintf(). - Unix socket path overflow — Unbounded
strcpy()into 108-bytesun_path. - Wrong socket address family — Used
hp->h_addrtypeinstead ofAF_INET.
- Builds cleanly on GCC 13.3 with
-Wall- zero warnings across all four binaries (talker, angel, ident_server, intercom) - Fixed
-Wrestrictwarnings fromsprintf()writing into its own source buffer - Fixed
-Wstringop-truncationwarnings with explicit null terminators afterstrncpy()calls - Added
IGNORE_RETmacro for intentionally uncheckedwrite()return values - Fixed unused variables, operator precedence, misleading indentation, and signal mask initialization
- Fixed
wc -ldisplay in Makefile build output
cd src
make configure # generates Makefile from your system config
make install # builds all four binaries- GCC 10 or later (tested on GCC 13.3.0)
- 64-bit Linux (tested on Linux 6.8.0 x86_64, glibc 2.39)
- Standard POSIX libraries (
libcrypt)
If you're running a customized PG+ talker, see the companion playground-plus-patches repository which provides the same fixes as modular, per-category patches designed to apply cleanly to modified codebases. Tag v2026.1.1 in the patches repository corresponds to this release.
A drop-in server management script installed to bin/ctl by apply.sh.
bin/ctl start # Start the server stack (angel + talker)
bin/ctl stop # Stop everything gracefully
bin/ctl restart # Full restart (stop + start)
bin/ctl status # Show running processes and uptime
bin/ctl reboot # Seamless reboot via angel
bin/ctl log error # Tail a log file (angel|error|boot|connection|intercom)The script auto-detects its location relative to your talker's directory structure. No configuration needed. If proxy support is enabled (HAVE_PROXY in autoconfig.h or a proxy binary in bin/), proxy management is automatically included.
This code has a long and storied lineage:
EW-Too (1992-93) Simon Marsh (Burble)
|
Summink (1994) Neil Peter Charley (Athanasius),
| Michael Simms (Grim), Nicolai Plum (Nicolai)
|
Playground 96 (1995) Mike Bourdaa (traP), Chris Allegretta (astyanax),
| Hans Peterson (Nogard), Valerie Kelly (vallie)
|
Playground+ 1.0 (1998) Richard Lawrence (Silver),
| J. Bradley Christian (phypor),
| Geoffrey Swift (blimey)
|
Playground+ 2026.1.0 Tony Mattke (tonhe)
Silver (Richard Lawrence), phypor (J. Bradley Christian), and blimey (Geoffrey Swift) - the authors of Playground Plus, a stable, bug-fixed, and improved version of Playground 96 with a wealth of additional features.
Sadly development stopped in 1998 at the height of talker population.
traP (Mike Bourdaa), astyanax (Chris Allegretta), Nogard (Hans Peterson), and vallie (Valerie Kelly) - who drastically reworked the Summink code into Playground 96.
Athanasius (Neil Peter Charley), Grim (Michael Simms), and Nicolai (Nicolai Plum) - who made significant changes to the EW-Too base.
Burble (Simon Marsh) - who wrote the original EW-Too code, with significant advancements by Chris Hughes and Jonathan Sloman.
The following people contributed code included in Playground+ by kind permission:
Slaine, Oolon, Grim, subtle, tonhe, Segtor, Nightwolf, Accolade, Sammael, Bron, Nevyn, Maverick, Alaundo, and ekto.
Copyright 1995-1998 Neil Peter Charley (Athanasius), with Solaris/BSD compatibility portions copyright 1996 James William Hawtin. Distributed as part of the PG+ package with permission.
IChan (intercom channel) copyright Richard Lawrence and Mike Bourdaa. The intercom code copyright Michael Simms (Grim).
Playground Plus is free software distributed under the terms established by its original authors. The code and its components carry the following terms:
- The Playground+ codebase may be freely used and distributed for running
talker servers, provided that credit is given to the original authors in
the talker's
versioncommand and/or help credits. - The
versioncommand credits must not be removed or altered beyond adding entries for your own installed modules. - Individual components carry their own terms:
- Ident server code: Copyright Neil Peter Charley and James William Hawtin. May be used as part of PG+ with credit. May not be redistributed separately without the express permission of the authors.
- Spodlist code: Copyright Richard Lawrence. Licensed for distribution within PG+ only. Redistribution in other forms requires written consent.
- IChan/Intercom code: Copyright Richard Lawrence, Mike Bourdaa, and Michael Simms. May not be redistributed without prior permission.
The 2026 modernization patches are provided freely for the PG+ community under the same terms as the original codebase.