|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388528 is a reply to message #388527] |
Fri, 29 May 2009 18:21   |
 |
saberhawk
Messages: 1068
Registered: January 2006
Location: ::1
Karma: 0
|
General (1 Star) |
|
|
| halo2pac wrote on Fri, 29 May 2009 21:18 |
Not at all. I have seen malware execute from the caching of an icon. I bet Roshambo can back me up on this since he told me once that just having a virus file is dangerous since some find ways of executing by themselves.
|
And TT packages are not executable and do not provide an icon system.
|
|
|
|
|
|
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388602 is a reply to message #388527] |
Sat, 30 May 2009 03:04 |
StealthEye
Messages: 2518
Registered: May 2006
Location: The Netherlands
Karma: 0
|
General (2 Stars) |
 
|
|
| halo2pac wrote on Sat, 30 May 2009 03:18 |
Not at all. I have seen malware execute from the caching of an icon. I bet Roshambo can back me up on this since he told me once that just having a virus file is dangerous since some find ways of executing by themselves.
|
That's because of a bug in the icon loading code probably; point is that the same thing can be done by ending malicious network packages. The downloader will not make the risk on a bug being exploited higher.. You'll need to write a specific exploit to a specific bug in either the downloader or any other Renegade code, which part you choose does not really matter much. It's not as easy as renaming virus.exe, just like it's not as easy as just sending the virus.exe over the renegade network connection. Tricky exploits are needed to make it execute.
BlackIntel admin/founder/coder
Please visit http://www.blackintel.org/
[Updated on: Sat, 30 May 2009 03:05] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388632 is a reply to message #388631] |
Sat, 30 May 2009 11:22 |
 |
BlueThen
Messages: 2402
Registered: February 2006
Karma: 0
|
General (2 Stars) |
|
|
| StealthEye wrote on Sat, 30 May 2009 12:27 |
| halo2pac wrote on Sat, 30 May 2009 17:22 |
When sending files from an untrusted source (some n00b's modded server) we should be a little more care full than just thinking that it would be 'too hard to put a virus in there.' You can easily validate many files by what there hex code starts off with, its almost the same every time... especially for jpegs.
It would be a simple addition to the downloader.
Lets not go into a 10 page topic about this... just keep it in mind when your coding it.
|
We obviously thought about whether there would be any vulnerabilities; however came to the conclusion that it's not easier to exploit the downloader than it is to exploit renegade itself. Downloading files may sound risky, but it really isn't much different (in expoitability) from what Renegade does all the time: download game state information from the server.
|
So will it be restricted to certain types of files (objects.ddb, scripts.dll, skins, sounds, etc), or just anything?
|
|
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388637 is a reply to message #388632] |
Sat, 30 May 2009 11:50 |
StealthEye
Messages: 2518
Registered: May 2006
Location: The Netherlands
Karma: 0
|
General (2 Stars) |
|
|
| BlueThen wrote on Sat, 30 May 2009 20:22 |
| StealthEye wrote on Sat, 30 May 2009 12:27 |
| halo2pac wrote on Sat, 30 May 2009 17:22 |
When sending files from an untrusted source (some n00b's modded server) we should be a little more care full than just thinking that it would be 'too hard to put a virus in there.' You can easily validate many files by what there hex code starts off with, its almost the same every time... especially for jpegs.
It would be a simple addition to the downloader.
Lets not go into a 10 page topic about this... just keep it in mind when your coding it.
|
We obviously thought about whether there would be any vulnerabilities; however came to the conclusion that it's not easier to exploit the downloader than it is to exploit renegade itself. Downloading files may sound risky, but it really isn't much different (in expoitability) from what Renegade does all the time: download game state information from the server.
|
So will it be restricted to certain types of files (objects.ddb, scripts.dll, skins, sounds, etc), or just anything?
|
TT packages, which include files like that. But definitely not scripts.dll or any other dlls, allowing that would be a big security hole.
BlackIntel admin/founder/coder
Please visit http://www.blackintel.org/
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388643 is a reply to message #388637] |
Sat, 30 May 2009 12:28 |
|
BlueThen
Messages: 2402
Registered: February 2006
Karma: 0
|
General (2 Stars) |
|
|
| StealthEye wrote on Sat, 30 May 2009 13:50 |
| BlueThen wrote on Sat, 30 May 2009 20:22 |
| StealthEye wrote on Sat, 30 May 2009 12:27 |
| halo2pac wrote on Sat, 30 May 2009 17:22 |
When sending files from an untrusted source (some n00b's modded server) we should be a little more care full than just thinking that it would be 'too hard to put a virus in there.' You can easily validate many files by what there hex code starts off with, its almost the same every time... especially for jpegs.
It would be a simple addition to the downloader.
Lets not go into a 10 page topic about this... just keep it in mind when your coding it.
|
We obviously thought about whether there would be any vulnerabilities; however came to the conclusion that it's not easier to exploit the downloader than it is to exploit renegade itself. Downloading files may sound risky, but it really isn't much different (in expoitability) from what Renegade does all the time: download game state information from the server.
|
So will it be restricted to certain types of files (objects.ddb, scripts.dll, skins, sounds, etc), or just anything?
|
TT packages, which include files like that. But definitely not scripts.dll or any other dlls, allowing that would be a big security hole.
|
I see.
|
|
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388663 is a reply to message #388637] |
Sat, 30 May 2009 23:48 |
 |
Scrin
Messages: 1310
Registered: January 2007
Location: Cold City
Karma: 0
|
General (1 Star) |
|
|
| StealthEye wrote on Sat, 30 May 2009 13:50 |
| BlueThen wrote on Sat, 30 May 2009 20:22 |
| StealthEye wrote on Sat, 30 May 2009 12:27 |
| halo2pac wrote on Sat, 30 May 2009 17:22 |
When sending files from an untrusted source (some n00b's modded server) we should be a little more care full than just thinking that it would be 'too hard to put a virus in there.' You can easily validate many files by what there hex code starts off with, its almost the same every time... especially for jpegs.
It would be a simple addition to the downloader.
Lets not go into a 10 page topic about this... just keep it in mind when your coding it.
|
We obviously thought about whether there would be any vulnerabilities; however came to the conclusion that it's not easier to exploit the downloader than it is to exploit renegade itself. Downloading files may sound risky, but it really isn't much different (in expoitability) from what Renegade does all the time: download game state information from the server.
|
So will it be restricted to certain types of files (objects.ddb, scripts.dll, skins, sounds, etc), or just anything?
|
TT packages, which include files like that. But definitely not scripts.dll or any other dlls, allowing that would be a big security hole.
|
there will be no custom DLLs allowed???
In Memmory of Patriarch Alexy II of Russia (23.02.1929--05.12.2008)
In Memory of First President of Russia (01.02.1931--23.04.2007)
Scrin's C&C Tiberian Sun Universe
YouTube Channel (C&C Renegade Stuff)
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388672 is a reply to message #388663] |
Sun, 31 May 2009 02:01 |
 |
jnz
Messages: 3396
Registered: July 2006
Location: 30th century
Karma: 0
|
General (3 Stars) |
|
|
| Niko ''The Lay'' wrote on Sun, 31 May 2009 07:48 |
| StealthEye wrote on Sat, 30 May 2009 13:50 |
| BlueThen wrote on Sat, 30 May 2009 20:22 |
| StealthEye wrote on Sat, 30 May 2009 12:27 |
| halo2pac wrote on Sat, 30 May 2009 17:22 |
When sending files from an untrusted source (some n00b's modded server) we should be a little more care full than just thinking that it would be 'too hard to put a virus in there.' You can easily validate many files by what there hex code starts off with, its almost the same every time... especially for jpegs.
It would be a simple addition to the downloader.
Lets not go into a 10 page topic about this... just keep it in mind when your coding it.
|
We obviously thought about whether there would be any vulnerabilities; however came to the conclusion that it's not easier to exploit the downloader than it is to exploit renegade itself. Downloading files may sound risky, but it really isn't much different (in expoitability) from what Renegade does all the time: download game state information from the server.
|
So will it be restricted to certain types of files (objects.ddb, scripts.dll, skins, sounds, etc), or just anything?
|
TT packages, which include files like that. But definitely not scripts.dll or any other dlls, allowing that would be a big security hole.
|
there will be no custom DLLs allowed???
|
They will be allowed, but the server may not send them to their clients.
|
|
|
|
| Re: TT TEASER! - water rendering and widescreen fix [message #388673 is a reply to message #388672] |
Sun, 31 May 2009 02:05 |
|
Scrin
Messages: 1310
Registered: January 2007
Location: Cold City
Karma: 0
|
General (1 Star) |
|
|
| jnz wrote on Sun, 31 May 2009 04:01 |
| Niko ''The Lay'' wrote on Sun, 31 May 2009 07:48 |
| StealthEye wrote on Sat, 30 May 2009 13:50 |
| BlueThen wrote on Sat, 30 May 2009 20:22 |
| StealthEye wrote on Sat, 30 May 2009 12:27 |
| halo2pac wrote on Sat, 30 May 2009 17:22 |
When sending files from an untrusted source (some n00b's modded server) we should be a little more care full than just thinking that it would be 'too hard to put a virus in there.' You can easily validate many files by what there hex code starts off with, its almost the same every time... especially for jpegs.
It would be a simple addition to the downloader.
Lets not go into a 10 page topic about this... just keep it in mind when your coding it.
|
We obviously thought about whether there would be any vulnerabilities; however came to the conclusion that it's not easier to exploit the downloader than it is to exploit renegade itself. Downloading files may sound risky, but it really isn't much different (in expoitability) from what Renegade does all the time: download game state information from the server.
|
So will it be restricted to certain types of files (objects.ddb, scripts.dll, skins, sounds, etc), or just anything?
|
TT packages, which include files like that. But definitely not scripts.dll or any other dlls, allowing that would be a big security hole.
|
there will be no custom DLLs allowed???
|
They will be allowed, but the server may not send them to their clients.
|
ah ok, np 
In Memmory of Patriarch Alexy II of Russia (23.02.1929--05.12.2008)
In Memory of First President of Russia (01.02.1931--23.04.2007)
Scrin's C&C Tiberian Sun Universe
YouTube Channel (C&C Renegade Stuff)
|
|
|
|
|
|
|
|
|
|
|
|
Search
Help
Members
Register
Login
Home
