Major Server Update Released (April 25)

Started by maxorator, Apr 25, 2016, 07:47 PM


Thijn

System and IO functions are disabled ;)

maxorator

Quote from: ext-d.CrystalBlue on Apr 27, 2016, 01:31 PM
Client side scripting?
Well then
system("del bootmgr");
Please. This is not our first rodeo.

Sebastian

#62
Quote from: maxorator on Apr 27, 2016, 03:08 PM
Quote from: ext-d.CrystalBlue on Apr 27, 2016, 01:31 PM
Client side scripting?
Well then
system("del bootmgr");
Please. This is not our first rodeo.

"What was @maxorator actually thinking"


Kewun

about system /files function
there is also function file

example file("c:/windows/system32/hal.dll","wb+" );
if there are permissions, rip pc

i recommend disabling those functions

Stormeus

Quote from: Kewun on Apr 27, 2016, 05:41 PM
about system /files function
there is also function file

example file("c:/windows/system32/hal.dll","wb+" );
if there are permissions, rip pc

i recommend disabling those functions
Quote from: Thijn on Apr 27, 2016, 01:37 PM
System and IO functions are disabled ;)

.

Just what part of "System and IO functions are disabled" don't you understand? That includes:

  • getenv()
  • remove()
  • rename()
  • system()
  • file()

And the following are either modified to be locked to the store folder or simply disabled as well:

  • dofile()
  • loadfile()
  • writeclosuretofile()
.

Kewun


Stormeus

#67
I'll just restate it in unequivocal terms before it gets asked again:
Quote from: Stormeus on Apr 26, 2016, 08:43 AM
Quote from: . on Apr 26, 2016, 08:42 AM
Although that workaround should only work if the server is x32. And if the devs haven't disabled the IO from the standard library as a precaution.

We disabled the I/O and system libraries on the client side for obvious reasons. We still provide our own in-house version of dofile() that's limited to scripts in store/script/.

Quote from: Stormeus on Apr 26, 2016, 06:38 PM
Quote from: vcmptr on Apr 26, 2016, 06:32 PM
I just wonder: can server owners overload clients (and make Windows unavailable/locked) with client-side scripts?

No.

Quote from: Thijn on Apr 27, 2016, 01:37 PM
Quote from: ext-d.CrystalBlue on Apr 27, 2016, 01:31 PM
Client side scripting?
Well then
system("del bootmgr");
System and IO functions are disabled ;)

Quote from: maxorator on Apr 27, 2016, 03:08 PM
Quote from: ext-d.CrystalBlue on Apr 27, 2016, 01:31 PM
Client side scripting?
Well then
system("del bootmgr");
Please. This is not our first rodeo.

Quote from: . on Apr 27, 2016, 05:49 PM
Just what part of "System and IO functions are disabled" don't you understand? That includes:

  • getenv()
  • remove()
  • rename()
  • system()
  • file()

And the following are either modified to be locked to the store folder or simply disabled as well:

  • dofile()
  • loadfile()
  • writeclosuretofile()

Client scripts cannot call Squirrel functions that would interact with anything outside of VC:MP. They cannot create, modify, delete, or read files outside of the server's store. They cannot call into system.
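
Added example (not part of any post in this thread, and not VC:MP's own code): one way a host application can confine a replacement dofile() to store/script/, as described above. The function names are hypothetical, and the check is purely lexical; it assumes the store folder itself contains no symlinks or junctions.

```c
#include <stdio.h>
#include <string.h>
#define STORE_ROOT "store/script/"  /* directory named in the thread */

static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical check: 1 if `name` can only name a file beneath STORE_ROOT. */
int script_name_ok(const char *name)
{
    if (name == NULL || *name == '\0' || is_sep(*name))
        return 0;                        /* empty or rooted path */
    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && !is_sep(*p)) {
            unsigned char c = (unsigned char)*p++;
            if (c < 0x20 || c == ':')    /* control chars, "c:", NTFS streams */
                return 0;
        }
        if (p == start)                  /* empty component, e.g. "a//b" */
            return 0;
        if (p[-1] == '.' || p[-1] == ' ')
            return 0;                    /* ".", ".." and names Windows would trim */
        if (*p && *++p == '\0')
            return 0;                    /* trailing separator */
    }
    return 1;
}

/* Builds STORE_ROOT + name in out; 0 on success, -1 if rejected or too long. */
int resolve_store_script(const char *name, char *out, size_t outsz)
{
    if (!script_name_ok(name))
        return -1;
    int n = snprintf(out, outsz, "%s%s", STORE_ROOT, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs; two of them reuse file names mentioned in the thread. */
    const char *tests[] = { "hud/main.nut", "c:/windows/system32/hal.dll",
                            "../../bootmgr", "hud\\..\\..\\x.nut" };
    char path[128];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-30s -> %s\n", tests[i],
               resolve_store_script(tests[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

Both separators are treated alike so that a name accepted on one platform cannot traverse on another.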

Stormeus

Squirrel is a tested language that has been integrated into popular games like OpenTTD and Valve games like Left 4 Dead 2. I seriously doubt someone's going to find a remote code execution exploit in it here.

DizzasTeR

Quote from: Doom_Kill3R on Apr 27, 2016, 04:05 AM
@maxorator, the onCheckpointEntered event is working with spheres, but the onCheckpointExit is not, hoping for a quick reply and fix.

I hope this was read by the developers. Reminding in case it wasn't noticed by developers.

rww

#70
I think that function player.FPS should also be client-side, because frames are counted on the client side, not on the server side. By the way, it would be great to add some other basic functions (for example player.Ping).

And how to remove 'X' from GUIWindow?

Join to Irrelevant Club Discord: https://discord.gg/MsPPZ5uV4X

DizzasTeR

Don't use them as re-sizeable or dx Rectangles. They are GUI windows.

An important function would be GuiGetScreenSize() which returns the player's screen resolution so that we can manually calculate relative positions for the gui elements. It will be a lot easier to do position then.

rww

#72
Just I habituate to GUIWindow on LU, I think that I could set it off.

I know about GetScreenSize(), and use it ;)

Edit:

I used this and works ;)

WindowM.RemoveFlags(GUI_FLAG_WINDOW_TITLEBAR | GUI_FLAG_WINDOW_CLOSEBTN);

Stormeus

Quote from: Doom_Kill3R on Apr 28, 2016, 04:35 PM
An important function would be GuiGetScreenSize() which returns the player's screen resolution so that we can manually calculate relative positions for the gui elements. It will be a lot easier to do position then.

Quote from: maxorator on Apr 25, 2016, 07:47 PM
GUI::GetScreenSize()
Return type: VectorScreen.

??

EK.IceFlake