Graal Forums  

Go Back   Graal Forums > Graal V6 forums > Announcements
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Rate Thread Display Modes
  #1  
Old 09-15-2005, 03:23 AM
Admins Admins is offline
Graal Administration
Join Date: Jan 2000
Location: Admins
Posts: 11,693
Admins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud of
Exclamation Updates for GServer and NPCServer

This is not directly script related, but something for developers in general. You eventually need to restart the gserver or npcserver to enable the new stuff.
GServer updates:
- warpto=false and ignorewarpto=true options (are the same, but the second doesn't display an error message)
- warpto is not accepted when the player types illegal coordinates (like warpto blah blah)
- toguild messages are handed " better (displayed correctly in v4, an additional \ in the text will appear in v2)
- on the npcserver levels are not removed from the memory ("swapped out") when a player is still idling there after the normal timeout (5 minutes), so preventing problems of disappearing npcs
- the colors of npcs are sent on first write, so it's easier to do npcs with newbie colors
- some security problems with scripted RC have been fixed (all servers using new scripting engine have already been restarted to make this take effect)
- ghosts can do serverwarp now, so the serverlist is working on all servers
Reply With Quote
  #2  
Old 09-15-2005, 04:14 AM
calani calani is offline
Scriptess
calani's Avatar
Join Date: Aug 2003
Location: asmgarden.gmap
Posts: 606
calani is on a distinguished road
Send a message via AIM to calani
Quote:
Originally Posted by Stefan
some security problems with scripted RC have been fixed (all servers using new scripting engine have already been restarted to make this take effect)
Is this the fix for the setrights bug?
__________________
Reply With Quote
  #3  
Old 09-15-2005, 04:40 AM
ForgottenLegacy ForgottenLegacy is offline
-Backtoscripts-
Join Date: Aug 2003
Location: California
Posts: 289
ForgottenLegacy is on a distinguished road
Send a message via AIM to ForgottenLegacy
Quote:
Originally Posted by calani
Is this the fix for the setrights bug?
I'm testing that right now Ash. I'll update.

EDIT:
Quote:
New Client-RC: Kaidenn (Heartless) (ForgottenLegacy)
ForgottenLegacy prob: not authorized for changing admin rights
Yup, the bug is fixed.

Thanks Stefan.
__________________
"The higher you fly, the harder it is to breathe."

[Kaidenn] Maybe I will somehow take control of Lance's body when he isn't looking, have him log onto Kingdoms, update one script, and leave.
[Kaidenn] And leave him exactly where I found him, unchanged and completely unnaware of what just took place the last two minutes.
[GrowlZ] Lance: You might want to lock your bedroom door tonight
Reply With Quote
  #4  
Old 09-15-2005, 07:59 AM
calani calani is offline
Scriptess
calani's Avatar
Join Date: Aug 2003
Location: asmgarden.gmap
Posts: 606
calani is on a distinguished road
Send a message via AIM to calani
wooo, good!
__________________
Reply With Quote
  #5  
Old 09-16-2005, 01:26 AM
Ajira Ajira is offline
Poont.
Join Date: Oct 2004
Location: NY, USA
Posts: 477
Ajira is on a distinguished road
Quote:
Originally Posted by calani
Is this the fix for the setrights bug?
What setrights bug are you talking about?
__________________
Liek omigosh.

Reply With Quote
  #6  
Old 09-16-2005, 03:12 AM
ForgottenLegacy ForgottenLegacy is offline
-Backtoscripts-
Join Date: Aug 2003
Location: California
Posts: 289
ForgottenLegacy is on a distinguished road
Send a message via AIM to ForgottenLegacy
Quote:
Originally Posted by Ajira
What setrights bug are you talking about?
The ability for anyone and everyone who has access to a weapon script to set anyone's rights, regardless if they have that ability or not. I saw it abused once by a staffer who was fired, to get back at the Admins. It was a pretty nasty little bug, and it was basically with a clientrc + sendtext that a person could set someone's rights.
__________________
"The higher you fly, the harder it is to breathe."

[Kaidenn] Maybe I will somehow take control of Lance's body when he isn't looking, have him log onto Kingdoms, update one script, and leave.
[Kaidenn] And leave him exactly where I found him, unchanged and completely unnaware of what just took place the last two minutes.
[GrowlZ] Lance: You might want to lock your bedroom door tonight
Reply With Quote
  #7  
Old 09-16-2005, 05:17 AM
Ajira Ajira is offline
Poont.
Join Date: Oct 2004
Location: NY, USA
Posts: 477
Ajira is on a distinguished road
Quote:
Originally Posted by ForgottenLegacy
The ability for anyone and everyone who has access to a weapon script to set anyone's rights, regardless if they have that ability or not. I saw it abused once by a staffer who was fired, to get back at the Admins. It was a pretty nasty little bug, and it was basically with a clientrc + sendtext that a person could set someone's rights.
Oh you mean the sendtext() rights worked without having the edit rights right? @[email protected] wowsers
__________________
Liek omigosh.

Reply With Quote
  #8  
Old 09-16-2005, 05:23 AM
ForgottenLegacy ForgottenLegacy is offline
-Backtoscripts-
Join Date: Aug 2003
Location: California
Posts: 289
ForgottenLegacy is on a distinguished road
Send a message via AIM to ForgottenLegacy
Quote:
Originally Posted by Ajira
Oh you mean the sendtext() rights worked without having the edit rights right? @[email protected] wowsers
Yup. Worked like a cham. Would remove every single right you shared with that person, including clearing their IPRange (so they couldn't sign on) and their Folderrights. Was a nasty little bug.

This was said on Exploit RC when I brought this bug to Stefan's attention:
Quote:
Kaidenn: This is the SetRights bug.
Kaidenn: I would like it fixed before it is abused. x-x
dnd: hmmm
dnd: evil yes
ShadowBlaze - DND WORKING: lol
Kaidenn: Indeed.
__________________
"The higher you fly, the harder it is to breathe."

[Kaidenn] Maybe I will somehow take control of Lance's body when he isn't looking, have him log onto Kingdoms, update one script, and leave.
[Kaidenn] And leave him exactly where I found him, unchanged and completely unnaware of what just took place the last two minutes.
[GrowlZ] Lance: You might want to lock your bedroom door tonight
Reply With Quote
  #9  
Old 09-16-2005, 02:36 PM
Admins Admins is offline
Graal Administration
Join Date: Jan 2000
Location: Admins
Posts: 11,693
Admins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud ofAdmins has much to be proud of
Most people don't know the format / values they can set though, so I have not seen someone giving themself rights. Also setting comments and the local ban was not protected. Those were functions which have been added for giving more power to the scripted RC, but have not been implemented in the RC script and that's why they weren't tested a lot.
Reply With Quote
  #10  
Old 09-16-2005, 08:39 PM
ChibiChibiLuc ChibiChibiLuc is offline
Cookie Monster. :3
Join Date: Jan 2005
Location: Nova Scotia, Canada
Posts: 111
ChibiChibiLuc is on a distinguished road
Send a message via AIM to ChibiChibiLuc Send a message via MSN to ChibiChibiLuc
Quote:
Originally Posted by Ajira
Oh you mean the sendtext() rights worked without having the edit rights right? @[email protected] wowsers
Come on Ajira, after all that bragging about being able to take over servers? >_>


But yeah, since this is my post for the day, I have a request:
Could a command that lets us access offline accounts be added
Reply With Quote
  #11  
Old 09-17-2005, 05:06 AM
Ajira Ajira is offline
Poont.
Join Date: Oct 2004
Location: NY, USA
Posts: 477
Ajira is on a distinguished road
Quote:
Originally Posted by ChibiChibiLuc
Come on Ajira, after all that bragging about being able to take over servers? >_>


But yeah, since this is my post for the day, I have a request:
Could a command that lets us access offline accounts be added
Actually, I was thinking a different way, didn't know it just worked with sendtext.
__________________
Liek omigosh.

Reply With Quote
  #12  
Old 09-30-2005, 07:18 AM
Velox Cruentus Velox Cruentus is offline
Registered User
Velox Cruentus's Avatar
Join Date: Dec 2004
Location: Quebec, Canada
Posts: 465
Velox Cruentus is on a distinguished road
Send a message via ICQ to Velox Cruentus Send a message via AIM to Velox Cruentus
You know, this bug isn't fixed completely yet, Stefan, about changing rights. I managed to steal someone's Admin User without even trying (I was just testing my thoughts on it). I would tell you exactly how to proceed, but I doubt it's wise to explore this facade over opened threads.
__________________
In a world of change... Who'll you believe?
Reply With Quote
  #13  
Old 10-01-2005, 07:25 AM
ForgottenLegacy ForgottenLegacy is offline
-Backtoscripts-
Join Date: Aug 2003
Location: California
Posts: 289
ForgottenLegacy is on a distinguished road
Send a message via AIM to ForgottenLegacy
Quote:
Originally Posted by Velox Cruentus
You know, this bug isn't fixed completely yet, Stefan, about changing rights. I managed to steal someone's Admin User without even trying (I was just testing my thoughts on it). I would tell you exactly how to proceed, but I doubt it's wise to explore this facade over opened threads.
I don't think this can be done by script...? I have no clue how that would be even remotely possible by script, if that is what you were talking about.
__________________
"The higher you fly, the harder it is to breathe."

[Kaidenn] Maybe I will somehow take control of Lance's body when he isn't looking, have him log onto Kingdoms, update one script, and leave.
[Kaidenn] And leave him exactly where I found him, unchanged and completely unnaware of what just took place the last two minutes.
[GrowlZ] Lance: You might want to lock your bedroom door tonight
Reply With Quote
  #14  
Old 10-01-2005, 07:40 AM
napo_p2p napo_p2p is offline
oh snaps
napo_p2p's Avatar
Join Date: Sep 2003
Location: Pismo Beach, California
Posts: 2,118
napo_p2p has a spectacular aura aboutnapo_p2p has a spectacular aura about
Send a message via AIM to napo_p2p Send a message via MSN to napo_p2p
Quote:
Originally Posted by ForgottenLegacy
I don't think this can be done by script...? I have no clue how that would be even remotely possible by script, if that is what you were talking about.
There was a bug with GS2 (with 'sendtext') that allowed people to change rights. Velox is just saying that there still is a way.

I was possible before (looks like it still is...)
__________________
Scito hoc super omnia.
Haec vita est tua una sola.
Dum vita superest, utere maxime quoque puncto, momento, et hora quae habes.
Tempus neminem non manet.
Noli manere tempus.
Carpe Diem

Seize the Day.
Reply With Quote
  #15  
Old 10-01-2005, 02:18 PM
Ajira Ajira is offline
Poont.
Join Date: Oct 2004
Location: NY, USA
Posts: 477
Ajira is on a distinguished road
Quote:
Originally Posted by napo_p2p
There was a bug with GS2 (with 'sendtext') that allowed people to change rights. Velox is just saying that there still is a way.

I was possible before (looks like it still is...)
But how would he steal an account with a script? @[email protected]
__________________
Liek omigosh.

Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 12:40 AM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.