umm, i dont think it would be possible to execute a system() call on someone elses computer furball. especially since vendetta doesnt have any client to client interaction.

I'm with FurBall. A system() call with user-defined parameters is a VERY, VERY bad idea. Picture this scenario: somebody hacks the game server, and sends a system() call to all the clients with "rm -fr /". Oww. Bad. Furthermore, I think it's a waste of the devs time, and what's the point? There's 3 OS's here, not to mention different distributions, locations of binaries, parameters, methods of IO, all that junk. I'd be against it.

Under linux (possibly MacOS) just run Vendetta under a different account if your paranoid.
And under Windows, there are much more dangerous things around; you shouldn't really worry too much about this extra threat.

I'd still say it's extremely stupid. If I knew that Vendetta had a security hole that big and I manufactured firewalls, I'd block it.

Ok, how's about you have to type vendetta --system or something to turn it on? This way; if you want it, you can have it, if you don't.. you don't.

Well.. the issue here Sheean, is that if the code is in the binary, then any binary exploit can (ab)use said function. No matter what the commandline switch says or not.

But if the attacker can already RUN a binary exploit the attacker could just as well run "rm -fr /" without caring about Vendetta.

thats for run, but adding a system() function means it doesn't need binary executable, only library interface.

Well, if people are running Vendetta on a commercial firewall system set up by somebody other than themselves, they shouldn't be running it at all, they should be working. Besides, there's not much chance of anyone finding an exploit in such a little-known game. If it were the forthcoming Matrix Online, or UT2004, maybe somebody would research it, but not Vendetta. And i have every faith in the devs that there is not, and shall not be, any such flaw. And roguelazer: anybody running Vendetta, or any game, as root should be shot repeatedly with a hydrogen-powered mushroom launcher.

Anyway... system() is standard C(it's in stdlib.h), there should be no problem with cross-platform stuff. There are no dependencies on external commands, the option passed to it is completely up to the user.

I will say this again, in any program, using the system call with a user provided command line is VERY VERY VERY VERY dangerous and USUALLY VERY VERY STUPID. It is very difficult to make sure that the code is safe. I can't think of a single situation where I would use the system call with a user provided command.

Everything FurBall said, plus some exclaimation points.

Why would you want to do this? I mean, from the dev's perspective and in the context of the Vendetta game, this feature is extraneous at best...