Quote:
Originally Posted by fearlessfrog
EDIT: Apologies - wrong thread.
Any more feedback?
Example: It would take five minutes to:
1. Set up a Cliffs of Dover server on your PC, put it on the internet, give it a name as 'New Server - Great New Mission!'
2. Write a tiny c# script on a mission that deletes the users 'My Documents' directory or uploads your local PC's files to a site on the internet.
3. For each person that just connects to the server and hits 'Create' on the flight mission, see how step (2) would impact them. Bad news.
Sorry to be a bit dramatic, but with no comments back and FMB people not even commenting here, it makes me suspect this isn't being taken seriously as a potential problem?
Just to reiterate: It's possible to run executable code on each client PC that just connects to a CoD MP server. Not good.
This should be verified and looked at soon? Hopefully I am wrong?
|
The first and only test that I run is that it does not write files on the PC client, but writes them on the host PC, so until it comes out an exploit to circumvent the system there should be no problems.
Remains a serious and should not be underestimated, which is why we insist that the documents be published soon about what can and what can not be done!
important, do not run missions with scripts downloaded from the internet without first checking what the script does!