List of Known Vulnerabilities Exploitable by GMs

AconiteGodOfSWG edited this page Sep 11, 2020 · 2 revisions
  • Logging for admin commands goes through the CustomerServiceLog and LOG functions and is applied inconsistently. Both methods log hundreds of thousands of entries. For example, every time a player uses /forage, over 20 entries are added to the CS Log, which makes it difficult to even catch usage of admin commands.
  • SRC Console Command Parsers (e.g. /object, /server, /script, /objvar) have no logging at all, with very few exceptions among hundreds of commands.
  • Sensitive scripts with powerful abilities, such as working.jbenjtest with its nukeworld ability, have no logging and no restrictions beyond an isGod check.
  • Likewise, almost all scripts and commands use isGod checks but not getGodLevel checks, so it is nearly impossible to restrict access to only certain commands without an extensive overhaul and review of each individual command and script. Many sensitive commands are otherwise unrestricted once a user has turned on god mode.
  • Logging and access to sensitive controls are both triggered by checks made through the methods isGod and getGodLevel. isGod is a boolean that returns true if god mode is turned on. getGodLevel returns the integer value of an account's assigned god level if god mode is turned on. Because both depend on god mode being on, a GM can completely avoid detection of their actions by using /setgod off.
  • There is no mechanism, such as a Live Server Mode flag, to differentiate when sensitive and working/test scripts (e.g. QA Tool) should be turned on or off.
  • Scripts that do have isGod checks run during the OnAttach trigger are not removed if a user is later removed from the admin table, so the user can, in theory, keep using admin scripts attached to them even after being removed from the admin table (e.g. OnAttach, OnSpeak, and cmd functions ALL need isGod checks).
  • GM Characters can interact with world and game content like normal players to gain items, credits, etc., usually with hidden advantages.
  • GM Characters can use normal player functions like /tip and /trade to distribute items/credits gained through abuse.
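
One way to close the isGod-only, OnAttach-only and /setgod off gaps listed above, shown as an added example that is not the project's own code: a Python model of an authorization gate that re-reads the admin table on every trigger, enforces a per-command minimum god level and a live-server flag, and audits staff accounts regardless of god mode. The names `Gate`, `Session`, `MIN_LEVEL`, `TEST_ONLY` and `live_server`, and the level values, are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy: minimum god level per command, and which scripts are test-only.
MIN_LEVEL = {"/objvar": 10, "/object": 15, "/server": 50, "nukeworld": 50}
TEST_ONLY = {"nukeworld"}

@dataclass
class Session:
    account: str
    god_mode: bool = False  # what an isGod-style check sees; toggled by /setgod

class Gate:
    def __init__(self, admin_table, live_server):
        self.admin_table = admin_table  # account -> assigned god level
        self.live_server = live_server  # hypothetical Live Server Mode flag
        self.audit = []                 # dedicated admin log, kept apart from the CS Log

    def _log(self, session, action, verdict):
        self.audit.append((session.account, action, verdict))

    def authorize(self, session, command):
        """Call on every trigger (attach, speak, cmd), never only at attach time."""
        # Look the level up now, so removal from the admin table takes effect at once.
        level = self.admin_table.get(session.account, 0)
        if level == 0:
            verdict = "deny:not-admin"
        elif not session.god_mode:
            verdict = "deny:god-mode-off"
        elif command not in MIN_LEVEL:
            verdict = "deny:unknown-command"  # default deny for unlisted commands
        elif self.live_server and command in TEST_ONLY:
            verdict = "deny:test-script-on-live"
        elif level < MIN_LEVEL[command]:
            verdict = "deny:level-too-low"
        else:
            verdict = "allow"
        if level or session.god_mode:  # record every attempt by staff or a god-mode session
            self._log(session, command, verdict)
        return verdict == "allow"

    def player_action(self, session, action):
        """Ordinary actions such as /tip or /trade: logged for staff accounts
        whether or not god mode is on, so /setgod off does not hide them."""
        if session.account in self.admin_table:
            self._log(session, action, "staff-player-action")
```

Because denials and staff player actions land in the same dedicated log, reviewing it does not require searching the CS Log's routine entries.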