#21
Little Clucker
Join Date: Jul 2017
Posts: 21
Reputation: 0
It mustn't be RAT, it could be ANYTHING!!

#22
Little Clucker
Join Date: Feb 2014
Posts: 43
Reputation: 14
Quote:

#23
Big Clucker
Join Date: Sep 2016
Location: Serbia
Posts: 118
Reputation: 3
Learn programming, thx

#24
Little Clucker
Join Date: Apr 2013
Posts: 33
Reputation: 18
Calm it down.
IF then you're only able to drop non-dff files, SA-MP itself doesn't treat it as an executable. Like I said the only apparent way would be some sort of exploit in the file format itself to execute arbitrary code like we had on the TD system back then.

#25
Gangsta
Join Date: Oct 2016
Location: CookieDM - https://discord.gg/p7ahv8s
Posts: 920
Reputation: 171
Scared to death, omg what me gon do

#26
Beta Tester
Join Date: Jun 2008
Location: 629 - git.io/Y
Posts: 15,693
Reputation: 3226
That's not how any of this works!
A file downloaded by the game is passed to GTA's DFF file parser. If the file is an executable, it is not just randomly run, instead the game will still try and interpret it as a model, and probably fail. Think of it this way - if you download an EXE, then try and open that file from notepad, it doesn't RUN the file, just shows you the contents. Or an even better example is a BAT file - which you can happily read from inside notepad without ever executing it. BAT, RAT, EXE, it doesn't matter; they won't be run, because they are never told to run. Instead, they are loaded as models.

HOWEVER, this is NOT the same as the warning Kalcor gave about models themselves with embedded issues. GTA was originally a single-player game with no modding. This meant that all the files it was ever intended to load were the models provided with the game. Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code. However, I say again, THIS IS NOT THE SAME AS JUST RENAMING AN EXE.

To the best of my knowledge, there are no known DFF exploits, but I've also not followed the modelling side of things very closely for a few years now.

Quote:
^ This is correct. If you are STILL worried then a) you're an idiot (unless you've truly found an exploit in the DFF file parser itself) and b) test it with a non-destructive batch script, maybe one that just touches a file.
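
The distinction drawn in post #26, as an added C example that is not part of the thread and is not SA-MP or GTA code: downloaded bytes are only read as model data, and the safety question is whether the parser checks them. It assumes the publicly documented RenderWare chunk header (three little-endian 32-bit fields: type, size, version, with type 0x10 for a Clump); the function name, status codes and sample buffers are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (public RenderWare stream documentation, not from the thread):
   each chunk starts with little-endian uint32 type, size, version. */
#define CHUNK_HEADER_LEN 12u
#define RW_ID_CLUMP 0x10u /* top-level chunk type of a model file */

enum dff_status { DFF_OK = 0, DFF_TOO_SHORT, DFF_NOT_A_MODEL, DFF_BAD_SIZE };

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: may buf be handed to a model loader?
   The bytes are only ever read as data; nothing here can execute them. */
enum dff_status check_dff_header(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < CHUNK_HEADER_LEN)
        return DFF_TOO_SHORT;
    if (read_le32(buf) != RW_ID_CLUMP)
        return DFF_NOT_A_MODEL; /* e.g. a renamed EXE, which starts "MZ" */
    /* The kind of check a trusted-input parser might skip: the declared
       payload size must fit inside what was actually downloaded. */
    if (read_le32(buf + 4) > len - CHUNK_HEADER_LEN)
        return DFF_BAD_SIZE;
    return DFF_OK;
}

/* Constructed sample inputs (16 bytes each, unlisted bytes are zero). */
static const uint8_t renamed_exe[16] = { 'M', 'Z', 0x90, 0x00, 0x03 };
static const uint8_t oversized[16] = { 0x10, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0x7F,
                                       0xFF, 0xFF, 0x03, 0x18 };
static const uint8_t plausible[16] = { 0x10, 0, 0, 0, 0x04, 0, 0, 0,
                                       0xFF, 0xFF, 0x03, 0x18 };

int main(void)
{
    printf("renamed exe: %d\n", check_dff_header(renamed_exe, sizeof renamed_exe));
    printf("oversized:   %d\n", check_dff_header(oversized, sizeof oversized));
    printf("plausible:   %d\n", check_dff_header(plausible, sizeof plausible));
    return 0;
}
```

A renamed executable fails the type check and is simply rejected as a model; the second buffer has a valid type but a declared size larger than the file, which is the class of input that matters only if the parser omits such checks.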

#27
Little Clucker
Join Date: Jul 2017
Posts: 21
Reputation: 0
Hmm... maybe ur right... But still I wanna test it

#28
Little Clucker
Join Date: Feb 2014
Posts: 43
Reputation: 14
Quote:
However, all .txd and .dff files are renamed when downloaded, so it isn't a problem at all. Maybe RCE could exist. Oh man, really? Stop saying st**id things please.

#29
Gangsta
Join Date: Oct 2016
Location: CookieDM - https://discord.gg/p7ahv8s
Posts: 920
Reputation: 171

#30
Little Clucker
Join Date: Jul 2017
Posts: 21
Reputation: 0
I still believe in MY theory cuz I think SAMP is opening em complete but maybe it isn't.