fixes exploits with the mech fabricator (/vg/) (!830) · Merge requests · vgstation / vgstation13

Rob Nelson requested to merge pull/830/patch-1 into Bleeding-Edge May 28, 2014

Created by: Walter0o

this exploit is in all public builds i could look at.

using the mech fabricator, and you were able to duplicate any obj in the server.

as a nice bonus you could also abuse the part-description-function to identify any atom in the server memory for even easier access to other yet unknown exploits of this kind.

and also range check was missing to make sure you are not on some other z level massproducing guns.

i will not go into details, as it is exactly the same kind of exploit over and over, so if you are interested on how and why these exploits work, see some of my other exploit commits : https://github.com/Baystation12/Baystation12/pull/5068 https://github.com/d3athrow/vgstation13/pull/629

i advise any coder team to be supercautious when changing/writing new Topic procs to prevent these, and to always doublecheck other coder's works.

fixes exploits with the mech fabricator (/vg/)

Merge request reports