/system function

May 21, 2004 Spellcast link
Umm, I don't think it would be possible to execute a system() call on someone else's computer, furball, especially since Vendetta doesn't have any client-to-client interaction.
May 21, 2004 roguelazer link
I'm with FurBall. A system() call with user-defined parameters is a VERY, VERY bad idea. Picture this scenario: somebody hacks the game server, and sends a system() call to all the clients with "rm -fr /". Oww. Bad. Furthermore, I think it's a waste of the devs' time, and what's the point? There are 3 OSes here, not to mention different distributions, locations of binaries, parameters, methods of IO, all that junk. I'd be against it.
May 21, 2004 Sheean link
Under Linux (possibly MacOS) just run Vendetta under a different account if you're paranoid.
And under Windows, there are much more dangerous things around; you shouldn't really worry too much about this extra threat.
May 21, 2004 roguelazer link
I'd still say it's extremely stupid. If I knew that Vendetta had a security hole that big and I manufactured firewalls, I'd block it.
May 22, 2004 Sheean link
Ok, how's about you have to type vendetta --system or something to turn it on? This way; if you want it, you can have it, if you don't.. you don't.
May 22, 2004 Spider link
Well.. the issue here Sheean, is that if the code is in the binary, then any binary exploit can (ab)use said function. No matter what the commandline switch says or not.

May 22, 2004 Sheean link
But if the attacker can already RUN a binary exploit the attacker could just as well run "rm -fr /" without caring about Vendetta.
May 22, 2004 Spider link
That's for run, but adding a system() function means it doesn't need binary executable, only library interface.
May 23, 2004 randomblast link
Well, if people are running Vendetta on a commercial firewall system set up by somebody other than themselves, they shouldn't be running it at all, they should be working. Besides, there's not much chance of anyone finding an exploit in such a little-known game. If it were the forthcoming Matrix Online, or UT2004, maybe somebody would research it, but not Vendetta. And I have every faith in the devs that there is not, and shall not be, any such flaw. And roguelazer: anybody running Vendetta, or any game, as root should be shot repeatedly with a hydrogen-powered mushroom launcher.

Anyway... system() is standard C (it's in stdlib.h), there should be no problem with cross-platform stuff. There are no dependencies on external commands, the option passed to it is completely up to the user.
May 23, 2004 furball link
I will say this again, in any program, using the system call with a user provided command line is VERY VERY VERY VERY dangerous and USUALLY VERY VERY STUPID. It is very difficult to make sure that the code is safe. I can't think of a single situation where I would use the system call with a user provided command.
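Added example, not part of the original posts and not Vendetta's code: a POSIX-only C sketch of the alternative to passing user text to system(), where the typed text only selects an entry from a fixed table and the program is started without a shell. The names `ACTIONS`, `find_action`, `run_action` and the two aliases are hypothetical, and the binary paths are assumptions about the host.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Pattern debated in the thread (comment only, never compiled):
 *     system(user_text);   // text is handed to "sh -c", so ';' '|' '`' '$()' are honoured
 */

/* Hypothetical allowlist: each alias maps to a fixed binary and a constant argv. */
struct action {
    const char *alias;
    const char *path;          /* absolute path, so PATH is never searched */
    char *const argv[3];
};

static const struct action ACTIONS[] = {
    { "true", "/bin/true", { "true", NULL, NULL } },
    { "date", "/bin/date", { "date", "-u", NULL } },
};

/* Exact-match lookup: user text picks an entry, it never becomes a command line. */
const struct action *find_action(const char *user_text) {
    for (size_t i = 0; user_text && i < sizeof ACTIONS / sizeof ACTIONS[0]; i++)
        if (strcmp(user_text, ACTIONS[i].alias) == 0)
            return &ACTIONS[i];
    return NULL;
}

/* Runs an allowlisted action with no shell involved.
 * Returns the child's exit status, or -1 if the text was rejected or the spawn failed. */
int run_action(const char *user_text) {
    const struct action *a = find_action(user_text);
    pid_t pid;
    int status;
    if (a == NULL)
        return -1;
    if (posix_spawn(&pid, a->path, NULL, NULL, a->argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv) {
    return (argc == 2 && run_action(argv[1]) == 0) ? 0 : 1;
}
```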
May 23, 2004 roguelazer link
Everything FurBall said, plus some exclamation points.
May 23, 2004 Starfisher link
Why would you want to do this? I mean, from the dev's perspective and in the context of the Vendetta game, this feature is extraneous at best...