"save pak0.pak" vulnerability

Discuss programming topics for the various GPL'd game engine sources.
frag.machine
Posts: 2126
Joined: Sat Nov 25, 2006 1:49 pm

Re: "save pak0.pak" vulnerability

Post by frag.machine »

Related to this, all file related builtins from FRIK_FILE extension can do the same damage, even worst. They ought to be at least confined to the files inside the current gamedir.
I know FrikaC made a cgi-bin version of the quakec interpreter once and wrote part of his website in QuakeC :) (LordHavoc)
Spirit
Posts: 1065
Joined: Sat Nov 20, 2004 9:00 pm
Contact:

Re: "save pak0.pak" vulnerability

Post by Spirit »

The question is, are there any Quake players with significant amounts of Cryptocoins on their machines. 8)
Improve Quaddicted, send me a pull request: https://github.com/SpiritQuaddicted/Quaddicted-reviews
Spike
Posts: 2914
Joined: Fri Nov 05, 2004 3:12 am
Location: UK
Contact:

Re: "save pak0.pak" vulnerability

Post by Spike »

frik_file writes in dp+fte are confined to a gamedir/data/ subdir (but not reads). this prevents them from overwriting pak0.pak etc.
leileilol
Posts: 2783
Joined: Fri Oct 15, 2004 3:23 am

Re: "save pak0.pak" vulnerability

Post by leileilol »

Half-Life also fixed this
i should not be here
Post Reply