Ulysses
Ulysses Stuff => Suggestions => Topic started by: anticept on May 06, 2008, 08:00:05 PM
-
There is a exploit which was discovered in a source mod that crashes servers by simply inputting a console command, and I have discovered Garry's Mod is also vulnerable (keeping it under wraps). Can we possibly get a command blocker that prevents this command? I will PM what the command is either to a Ulysses dev who is interested, or to someone who has made a working, and tested, module.
Thanks!
-
please email more detail to teamulysses@ulyssesmod.net
One of us may respond.
-
I have a running topic on the progress here:
http://forums.facepunchstudios.com/showthread.php?p=9859965
-
If garry hadn't removed Ucommand you could use that to remove the command :P
-
This is what I came up with. http://forums.facepunchstudios.com/showthread.php?p=9866502
Any suggestions (in commented code) would be much appreciated. My big concern at this moment is how to pass information to the server when the client tried to use the exploit, without using a console command.
My other worry is the fact it is all on the client, I am sure a client can figure out a way to override my blocks (I am thinking of at least one way). Suggestions for making this a much more difficult job would be appreciated :)
-
Last I tested, PlayerBindPressed was only called when a player actually pressed a bind, and not when the command was actually entered into the console.
-
That and last I tested it didn't pass it through when it was aliased but I guess that must not be the case anymore.
-
Method 2 worked for both of my servers