Renegade Public Forums
C&C: Renegade --> Dying since 2003™, resurrected in 2024!
Home » Technical Support » Linux FDS » New FDS exploit fix (players can use admin commands)
New FDS exploit fix (players can use admin commands) [message #164626] Thu, 28 July 2005 16:24 Go to next message
TimeFX is currently offline  TimeFX
Messages: 25
Registered: January 2004
Location: Germany
Karma: 0
Recruit

While going through linux server code I found a function what allows players to execute any console command on the server. For example every player can kick every other player on the server, players can send host message, players can shutdown the server and so on.

I made the patch for linux RH7 & RH8 and Windows dedicated server. Patching the windows game client isn't possible since RenGuard would disallow the change. I compiled the linux binary under SuSE 9.2 - hope it works.

Remember: You should make a backup of your renegade binary before patching.
To use the patch use "./rr_patch01 <your binary>"
Using the patch again will remove the changes.

Linux patcher: http://www.icefinch.net/rr/rr_patch01
Windows patcher: http://www.icefinch.net/rr/rr_patch01.exe


If you experience crashes after patching (which shouldn't happen) please report me your FDS version and the address where the crash occurred.


Greets,
TimeFX



IMPORTANT NOTE:
RenGuard 1.03 does NOT protect you from this exploit.

**EDIT**
This patch is CP1 compatible.

RH8: successfully tested
RH7: no feedback
WIN: no feedback

[Updated on: Thu, 28 July 2005 16:43]

Report message to a moderator

icon14.gif  Re: New FDS exploit fix (players can use admin commands) [message #164629 is a reply to message #164626] Thu, 28 July 2005 16:36 Go to previous messageGo to next message
=HT=T-Bird is currently offline  =HT=T-Bird
Messages: 712
Registered: June 2005
Karma: 0
Colonel
Nice Catch! Looks like a good fix to stick in SSCP2. (once it gets some testing, of course)

HTT-Bird (IRC)
HTTBird (WOL)
Proud HazTeam Lieutenant.
BlackIntel Coder & Moderator.

If you have trouble running BIATCH on your FDS, have some questions about a BIATCH message or log entry, or think that BIATCH spit out a false positive, PLEASE contact the BlackIntel coding team and avoid wasting the time of others.
Re: New FDS exploit fix (players can use admin commands) [message #164632 is a reply to message #164629] Thu, 28 July 2005 16:45 Go to previous messageGo to next message
TimeFX is currently offline  TimeFX
Messages: 25
Registered: January 2004
Location: Germany
Karma: 0
Recruit

=HT=T-Bird wrote on Fri, 29 July 2005 01:36

Nice Catch! Looks like a good fix to stick in SSCP2. (once it gets some testing, of course)


Thanks Smile

The exploit works in both directions, so server admins could execute console commands at the player's win client.
So they should fix that in client CP too Wink

But why waiting for SSCP2?


PS: Westwood sucks for adding this 'feature'...

[Updated on: Thu, 28 July 2005 16:45]

Report message to a moderator

Re: New FDS exploit fix (players can use admin commands) [message #164634 is a reply to message #164626] Thu, 28 July 2005 17:31 Go to previous messageGo to next message
Cat998
Messages: 1081
Registered: January 2004
Location: Austria, Vienna
Karma: 0
General (1 Star)
Moderator/Captain

Good job !

When people ask me "Plz" just because it's shorter than "Please" I feel perfectly justified to answer "No" because it's shorter then "Yes"

Programming is like sex: one mistake and you have to support it for the rest of your life

Want the best answers? Ask the best questions!

"So long, and thanks for all the fish."
Re: New FDS exploit fix (players can use admin commands) [message #164635 is a reply to message #164626] Thu, 28 July 2005 17:31 Go to previous messageGo to next message
jonwil is currently offline  jonwil
Messages: 3557
Registered: February 2003
Karma: 0
General (3 Stars)

Well it just so happens that scripts.dll/bhs.dll 2.1.3 (which will be out as soon as I fix a few things)
will disable these network events on both the client and the server (and a few others too)


Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
Re: New FDS exploit fix (players can use admin commands) [message #164637 is a reply to message #164635] Thu, 28 July 2005 17:34 Go to previous messageGo to next message
Cat998
Messages: 1081
Registered: January 2004
Location: Austria, Vienna
Karma: 0
General (1 Star)
Moderator/Captain

jonwil wrote on Thu, 28 July 2005 20:31

Well it just so happens that scripts.dll/bhs.dll 2.1.3 (which will be out as soon as I fix a few things)
will disable these network events on both the client and the server (and a few others too)




Who wants to wait ?
timefx already fixed it Big Grin


When people ask me "Plz" just because it's shorter than "Please" I feel perfectly justified to answer "No" because it's shorter then "Yes"

Programming is like sex: one mistake and you have to support it for the rest of your life

Want the best answers? Ask the best questions!

"So long, and thanks for all the fish."
Re: New FDS exploit fix (players can use admin commands) [message #164703 is a reply to message #164626] Fri, 29 July 2005 08:52 Go to previous messageGo to next message
Renx is currently offline  Renx
Messages: 2321
Registered: April 2003
Location: Canada
Karma: 0
General (2 Stars)
Category Moderator
wow, I had no idea we were so vulnerable. Thanks for the fix dude!

~Canucck

http://www.sloganizer.net/en/style7,Espion.png

Blazer

...RG made me ugly
Re: New FDS exploit fix (players can use admin commands) [message #166565 is a reply to message #164703] Wed, 17 August 2005 00:15 Go to previous messageGo to next message
Renerage is currently offline  Renerage
Messages: 1223
Registered: May 2005
Location: Hamilton ON, Canada
Karma: 0
General (1 Star)
that explains alot...

http://img109.imageshack.us/img109/9876/cheekaysig9xv.jpg

A pissed off noob Once said:
I DESLIKE YOU!
Re: New FDS exploit fix (players can use admin commands) [message #181598 is a reply to message #164626] Wed, 07 December 2005 06:56 Go to previous message
DarkComet is currently offline  DarkComet
Messages: 4
Registered: July 2005
Karma: 0
Recruit
thanks Smile
Previous Topic: lfds on fc4
Next Topic: Any "No Gameplay Pending" patch for LFDS?
Goto Forum:
  


Current Time: Sat Nov 23 01:18:43 MST 2024

Total time taken to generate the page: 0.00799 seconds