Forum

> > CS2D > General > ATTENTION! Don't run maps you've downloaded!
Forums overviewCS2D overviewGeneral overviewLog in to reply

English ATTENTION! Don't run maps you've downloaded!

46 replies
Page
To the start Previous 1 2 3 Next To the start

old Re: ATTENTION! Don't run maps you've downloaded!

Sparty
Reviewer Off Offline

Quote
user Ahmad has written
Does it work with offline servers as well?

user ohaz has written
UNTIL IT'S FIXED: Please DON'T start maps you've downloaded from servers on your pc / server! It's for your own safety!


Lol..hah... no, i dont think cause how the hell can you download maps with offline servers..

old Re: ATTENTION! Don't run maps you've downloaded!

FlooD
GAME BANNED Off Offline

Quote
so basically the bug uses the if trigger to do some os.*** and io.*** stuff in lua?

well i guess we should all have the same warning for not running any downloaded scripts in the file archive since those could potentially do the same

cs2d's lua should have os. and io. tables set to nil by default so that nothing can access it.

old Re: ATTENTION! Don't run maps you've downloaded!

Necr0
User Off Offline

Quote
@user Ahmad: It is dangerous in offline servers, too.

@user FlooD: I don't think they should disable io and os functions completly. It would be nice if they would be nice to have functions wich are restricted only to save and read in the CS2D directory. and also disable some functions like os.execute and os.exit. I don't want to have absolutly no access to the file system. It would be aweful to have no way for saving information.
Also functions like require sould be disabled. I don't have any experience with LibFunctions at all but I think the could access everything anyways.
edited 1×, last 25.01.14 02:40:48 pm

old Re: ATTENTION! Don't run maps you've downloaded!

Starkkz
Moderator Off Offline

Quote
@user Avo: I should make a list of functions that must be disabled or protected, you can easily hack my last Lua script with getfenv and return to the main state function environment (The values stored in the _G table), that would remove the protection. However, my next theory is protecting the C functions with Lua functions that have a redefined function environment, so when you try to get the function environment of a C function, you won't have access to the _G table of the main state.

old Re: ATTENTION! Don't run maps you've downloaded!

Sparty
Reviewer Off Offline

Quote
user TimeQuesT has written
user Ahmad has written
@user Sparty: I mean when I start an offline server with the infected maps.


Whenever you start a downloaded map there could be the danger that it contains 'viruses'. It's not all about trigger_if. the trigger is just the key.


I thought it was impossible to transfer virus in a Game like CS2D.

old Re: ATTENTION! Don't run maps you've downloaded!

TimeQuesT
User Off Offline

Quote
I recently developed a tool to check if you're infested.
I do not guarantee that this will work 100% correctly.

How to use:
1.Place the executable inside your cs2d root folder.
(The one which contains all files)

2.Execute it.

3.Check results.

You can download it here:
DOWNLOAD | dynamic libgcc (WIN32 only)

DOWNLOAD | static libgcc (Should work correctly | WIN32 only)

DOWNLOAD (non-bplaced link)

edited 1×, last 04.02.14 04:37:32 pm
To the start Previous 1 2 3 Next To the start
Log in to replyGeneral overviewCS2D overviewForums overview