New FDS exploit fix (players can use admin commands) [message #164626] |
Thu, 28 July 2005 16:24 ![Go to next message Go to next message](/theme/Renegade_Forums/images/down.png) |
TimeFX
Messages: 25 Registered: January 2004 Location: Germany
Karma: 0
|
Recruit |
![120466629](/theme/Renegade_Forums/images/icq.png)
|
|
While going through linux server code I found a function what allows players to execute any console command on the server. For example every player can kick every other player on the server, players can send host message, players can shutdown the server and so on.
I made the patch for linux RH7 & RH8 and Windows dedicated server. Patching the windows game client isn't possible since RenGuard would disallow the change. I compiled the linux binary under SuSE 9.2 - hope it works.
Remember: You should make a backup of your renegade binary before patching.
To use the patch use "./rr_patch01 <your binary>"
Using the patch again will remove the changes.
Linux patcher: http://www.icefinch.net/rr/rr_patch01
Windows patcher: http://www.icefinch.net/rr/rr_patch01.exe
If you experience crashes after patching (which shouldn't happen) please report me your FDS version and the address where the crash occurred.
Greets,
TimeFX
IMPORTANT NOTE:
RenGuard 1.03 does NOT protect you from this exploit.
**EDIT**
This patch is CP1 compatible.
RH8: successfully tested
RH7: no feedback
WIN: no feedback
[Updated on: Thu, 28 July 2005 16:43] Report message to a moderator
|
|
|
Re: New FDS exploit fix (players can use admin commands) [message #164629 is a reply to message #164626] |
Thu, 28 July 2005 16:36 ![Go to previous message Go to previous message](/theme/Renegade_Forums/images/up.png) ![Go to next message Go to next message](/theme/Renegade_Forums/images/down.png) |
=HT=T-Bird
Messages: 712 Registered: June 2005
Karma: 0
|
Colonel |
|
|
Nice Catch! Looks like a good fix to stick in SSCP2. (once it gets some testing, of course)
HTT-Bird (IRC)
HTTBird (WOL)
Proud HazTeam Lieutenant.
BlackIntel Coder & Moderator.
If you have trouble running BIATCH on your FDS, have some questions about a BIATCH message or log entry, or think that BIATCH spit out a false positive, PLEASE contact the BlackIntel coding team and avoid wasting the time of others.
|
|
|
|
|
|
Re: New FDS exploit fix (players can use admin commands) [message #164637 is a reply to message #164635] |
Thu, 28 July 2005 17:34 ![Go to previous message Go to previous message](/theme/Renegade_Forums/images/up.png) ![Go to next message Go to next message](/theme/Renegade_Forums/images/down.png) |
![](http://renegadeforums.com/images/custom_avatars/1976.png) |
Cat998
Messages: 1082 Registered: January 2004 Location: Austria, Vienna
Karma: 0
|
General (1 Star) Moderator/Captain |
![171832178](/theme/Renegade_Forums/images/icq.png) ![berni2288](/theme/Renegade_Forums/images/yahoo.png)
|
|
jonwil wrote on Thu, 28 July 2005 20:31 | Well it just so happens that scripts.dll/bhs.dll 2.1.3 (which will be out as soon as I fix a few things)
will disable these network events on both the client and the server (and a few others too)
|
Who wants to wait ?
timefx already fixed it
When people ask me "Plz" just because it's shorter than "Please" I feel perfectly justified to answer "No" because it's shorter then "Yes"
Programming is like sex: one mistake and you have to support it for the rest of your life
Want the best answers? Ask the best questions!
"So long, and thanks for all the fish."
|
|
|
|
|
|