Page 2 of 2
Re: "save pak0.pak" vulnerability
Posted: Tue Apr 29, 2014 12:24 pm
by frag.machine
Related to this, all file related builtins from FRIK_FILE extension can do the same damage, even worst. They ought to be at least confined to the files inside the current gamedir.
Re: "save pak0.pak" vulnerability
Posted: Tue Apr 29, 2014 4:11 pm
by Spirit
The question is, are there any Quake players with significant amounts of Cryptocoins on their machines.
Re: "save pak0.pak" vulnerability
Posted: Tue Apr 29, 2014 5:26 pm
by Spike
frik_file writes in dp+fte are confined to a gamedir/data/ subdir (but not reads). this prevents them from overwriting pak0.pak etc.
Re: "save pak0.pak" vulnerability
Posted: Wed Apr 30, 2014 1:13 pm
by leileilol
Half-Life also fixed this