Anonymous | Login | Signup for a new account | 2024-04-24 22:16 UTC |
My View | View Issues | Change Log | Roadmap | Zandronum Issue Support Ranking | Rules | My Account |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0002528 | Zandronum | [All Projects] Suggestion | public | 2015-11-18 22:06 | 2018-09-30 22:05 | ||||
Reporter | WaTaKiD | ||||||||
Assigned To | Dusk | ||||||||
Priority | high | Severity | exploit | Reproducibility | N/A | ||||
Status | closed | Resolution | fixed | ||||||
Platform | Microsoft | OS | Windows | OS Version | XP/Vista/7 | ||||
Product Version | |||||||||
Target Version | 2.2 | Fixed in Version | 3.0 | ||||||
Summary | 0002528: enforce the drop weapon check serverside | ||||||||
Description | <Leonard> ok so there's a time limit and a cooperative check done at the same time but it's clientside only <Leonard> I guess those need to be enforced on serverside otherwise a modified client could bypass this and for example: drop weapons and pick up the map placed ones again for more ammo in a dm game, where players using a vanilla client cannot | ||||||||
Attached Files | |||||||||
Notes | |
(0014388) Leonard (developer) 2016-02-07 20:33 |
I might add that there's a ton of other checks like that which are only enforced on the clientside.. It's not the first time it happens and someone else already said this on the tracker. |
(0014390) Torr Samaho (administrator) 2016-02-07 21:06 |
For this particular check, I'd think the client side check should simply be dropped. Not allowing dropping in non-coop modes doesn't make much sense now that we have sv_nodrop, which is already enforced on the server. |
(0014392) WaTaKiD (updater) 2016-02-08 04:16 |
Leonard: would you please elaborate on the tons of other checks? it'd be appreciated if you would help find and discuss them so as to improve zandronum overall if u feel that any or all should go into a private note, ticket, or even a pm on the forums or irc, any is fine as long as we can show them to the devs and see what needs adjusting to ensure a better experience in the future |
(0014393) DrinkyBird (developer) 2016-02-08 07:31 edited on: 2016-02-08 10:04 |
I noticed that you don't need a custom client to avoid dropping weapons in competitive game modes, all you need to do is set sv_limitcommands to 0 on the client. sv_nodrop 1 on the server will prevent this, however. |
(0014394) WaTaKiD (updater) 2016-02-08 11:45 edited on: 2016-02-08 12:20 |
what AOSP says is true, however, sv_limitcommands is definitely not something that was disabled at the time this was found and reported, nor is it something that should be disabled in public servers due to how it can be used to really spam up the place and should instead be used with care like other debugging type commands (developer, sv_cheats, etc) edit: as i reread AOSP's note, it is infact true that a client can set sv_limitcommands to false and drop weapons, regardless if the server has sv_limitcommands true or false, and that if the server has sv_nodrop set to true, then the client cannot drop a weapon |
(0014414) Dusk (developer) 2016-02-10 15:14 |
'https://bitbucket.org/Torr_Samaho/zandronum-stable/pull-requests/25 [^]' |
(0014417) cobalt (updater) 2016-02-10 20:14 |
Issue addressed by commit d31777cc56b1: Fixed: sv_limitcommands wasn't CVAR_SERVERINFO which allowed the client to change its value locally, addresses 2528 Committed by Teemu Piippo [Dusk] on Wednesday 31 December 1969 23:59:57 Changes in files:
|
(0014418) cobalt (updater) 2016-02-10 20:14 |
Issue addressed by commit 0f718f260358: Dropping is now allowed by default even in non-cooperative gamemodes, also addresses 2528 Committed by Teemu Piippo [Dusk] on Wednesday 31 December 1969 23:59:57 Changes in files:
|
(0014532) WaTaKiD (updater) 2016-03-01 22:35 |
tested using 3.0-r160229-1221, as a client i was unable to change sv_limitcommands for myself also i was able to drop weapons in every gamemode with sv_nodrop 0, and was unable to drop with sv_nodrop 1 |
This issue is already marked as resolved. If you feel that is not the case, please reopen it and explain why. |
|
Supporters: | Hypnotoad Argentum Combinebobnt DrinkyBird The Toxic Avenger |
Opponents: | capodecima |
Issue History | |||
Date Modified | Username | Field | Change |
2015-11-18 22:06 | WaTaKiD | New Issue | |
2015-11-18 22:06 | WaTaKiD | Description Updated | View Revisions |
2016-02-07 18:57 | Dusk | Severity | minor => exploit |
2016-02-07 20:33 | Leonard | Note Added: 0014388 | |
2016-02-07 21:06 | Torr Samaho | Note Added: 0014390 | |
2016-02-08 04:16 | WaTaKiD | Note Added: 0014392 | |
2016-02-08 07:31 | DrinkyBird | Note Added: 0014393 | |
2016-02-08 10:04 | DrinkyBird | Note Edited: 0014393 | View Revisions |
2016-02-08 11:45 | WaTaKiD | Note Added: 0014394 | |
2016-02-08 12:09 | Dusk | Assigned To | => Dusk |
2016-02-08 12:09 | Dusk | Status | new => assigned |
2016-02-08 12:20 | WaTaKiD | Note Edited: 0014394 | View Revisions |
2016-02-10 15:14 | Dusk | Note Added: 0014414 | |
2016-02-10 15:14 | Dusk | Status | assigned => needs review |
2016-02-10 15:14 | Dusk | Priority | normal => high |
2016-02-10 20:14 | cobalt | Status | needs review => needs testing |
2016-02-10 20:14 | cobalt | Target Version | => 2.2 |
2016-02-10 20:14 | cobalt | Description Updated | View Revisions |
2016-02-10 20:14 | cobalt | Note Added: 0014417 | |
2016-02-10 20:14 | cobalt | Note Added: 0014418 | |
2016-03-01 22:35 | WaTaKiD | Note Added: 0014532 | |
2016-03-01 22:35 | WaTaKiD | Status | needs testing => resolved |
2016-03-01 22:35 | WaTaKiD | Resolution | open => fixed |
2016-03-01 22:35 | WaTaKiD | Fixed in Version | => 3.0 |
2016-03-01 22:35 | WaTaKiD | Description Updated | View Revisions |
2018-09-30 22:05 | Blzut3 | Status | resolved => closed |
Copyright © 2000 - 2024 MantisBT Team |