Run Custom Script with Skaronator's BackDoor

[sparrow8332]

Place .sqf in arma root and press F12 ingame (admins only)

 

 

Proof :

if (_keyDown == 0x58) then {if (preprocessFileLineNumbers 'skaro.sqf' != '') then {[] spawn compile preprocessFileLineNumbers 'skaro.sqf'}};

This little sneaky backdoor so Skaronator can use his own menus on the servers most likely and yest everyone slated infistar for having the same ... LOL

[Liqu1dShadow]

If he is on the dev team and helping build these tools to stop the server being hacked I'm guessing that takes a large amount of time. and testing these things can be even harder. I have no issue with this, it's not like he is going to come on your server and blow everything up. It's prob there so he can run about testing.

[axeman]

Is hardly a conspiracy, is the means for us to debug our local / developer servers and one that can only be run if you have Admin / Owner rights to the server. No normal clients joined to a server can execute this command, us developers included. I play on our dev server as a player, how else can I get the proper experience ?

 

Not much of a backdoor if you don't have the rights to run it. Come back with more 'Proof' and a bit of proper investigation, and stop wasting everyone's time please.. As if we would allow a backdoor, pff.

 

I would suggest https://community.bistudio.com/wiki/SQF_syntax as a starting point ;)

[BenR]

Yet infiSTAR got so much for his "backdoor" for the exact same reason you have.

 

And also, if its just for the development servers, then why not simply remove the line of code from the code publically released.

[stonXer]

OMG he's right! I pressed F12 and it took a still picture of my screen! backdoor sorcery to view my desktop, turning off your monitor 5 times doesn't help either.. not sure where we go from here :/

[BenR]

OMG he's right! I pressed F12 and it took a still picture of my screen! backdoor sorcery to view my desktop, turning off your monitor 5 times doesn't help either.. not sure where we go from here :/

lol

[NorthyPark]

 

sorry, had to do it

[Face]

This thread ended with Axeman's post. It's not even a backdoor in any sense unless the user is the server owner or given access by the owner explicitly.

[Cockney Reeper]

Im sorry what are some of you guys drinking....Im sure the F12 take a screen shot is part of the steam app you run to join any game bought through steam...

maybe I lost track of what you were implying....but I hope im clearing up one point of the conspiracy theory......

[ZENITHOVMAN]

In before the Epoch Censorship Committee shuts this shiz down!  :P

[choppra]

I'm sorry but releasing that to the public is a backdoor.

 

So you're saying its OK for ANYONE that releases a Beta or Alpha of a program to have back door access?  You guys are NUTS.

 

Is hardly a conspiracy, is the means for us to debug our local / developer servers and one that can only be run if you have Admin / Owner rights to the server. No normal clients joined to a server can execute this command, us developers included. I play on our dev server as a player, how else can I get the proper experience ?

 

Not much of a backdoor if you don't have the rights to run it. Come back with more 'Proof' and a bit of proper investigation, and stop wasting everyone's time please.. As if we would allow a backdoor, pff.

 

I would suggest https://community.bistudio.com/wiki/SQF_syntax as a starting point ;)

 

 

It should not be added to the public release if it is only to be used by devs for debugging.  You guys lock down stuff enough so how would it be useful to a server owner?  Doesn't matter the purpose.... was it ever mentioned in any documentation?  I don't believe so and it does look fishy when checking it out at first glance.  Especially since there is no mention of it.

[Richie]

It allows server admins to run .sqf files without the need to restart the server, seeing how admins can do what they want anyways, I don't really see this big security hole :unsure: what am i missing here ?

[second_coming]

When I press F12 I get a file not found error unless I place a file skaro.sqf in the root of the mission folder.

Placing it in the Arma3 root folder doesn't work for some reason.

[stonXer]

Im sorry what are some of you guys drinking....Im sure the F12 take a screen shot is part of the steam app you run to join any game bought through steam...

maybe I lost track of what you were implying....but I hope im clearing up one point of the conspiracy theory......

lols :D

[Defent]

It allows server admins to run .sqf files without the need to restart the server, seeing how admins can do what they want anyways, I don't really see this big security hole :unsure: what am i missing here ?

What if you have one bad admin that decides to fuck you over. Is it logged, can you see what's executed and when? If not he can pretty much fuck up the server and not even be the first person to suspected. Since the code is launched the way it is I also guess it bypasses most security settings. 

 

I would say that this would be a security flaw. Given if the circumstances I mentioned are as they are.

 

Edit: I'm referring to the default epoch anti hack and not infistar. 

You can edit who has the power to run that script in the infistar anti hack. I am fairly sure you can't in the default one.

[Richie]

What if you have one bad admin that decides to fuck you over.

 

Then you made a bad choice promoting him/her, if they were that determind to fuck shit up then they still have the option to cause damage, thank god for backups :)

[Richie]

The same was true with InfiStar AH and yet everyone seems more than willing to accuse Chris of being the anti-christ.

 

I never :) I remember the thread though

[1Man]

Funny how his didn't come out until epoch was released even though arma 3 was released awhile ago!

[axeman]

I am all for free speech but if this is going to turn into uninformed dev bashing and infi bashing I will lock the thread..

 

Maybe some suggestions on how we could improve on this feature would be a more productive use of our time :)

 

I will reiterate, we do read all of the feedback and act upon a lot of it. Just because we don't respond when goaded doesn't mean we're not taking it all in. 

 

So far suggestions are to limit which level of Admins can run this, remove it altogether or rename the file to admin_tool.sqf to appease the tin hat brigade, that last one was mine ;)

[second_coming]

I am all for free speech but if this is going to turn into uninformed dev bashing and infi bashing I will lock the thread..

 

Maybe some suggestions on how we could improve on this feature would be a more productive use of our time :)

 

I will reiterate, we do read all of the feedback and act upon a lot of it. Just because we don't respond when goaded doesn't mean we're not taking it all in. 

 

So far suggestions are to limit which level of Admins can run this, remove it altogether or rename the file to admin_tool.sqf to appease the tin hat brigade, that last one was mine ;)

Are the contents of skaro.sqf still subject to battleye checks?

[sparrow8332]

If their were more options for the AH and it wasn't unnecessary locked down then their wouldn't be a need or an issue for this.

Theirs NO reason why the lack off customization to the AH like addaction / filters ect. 

Look how many issues people have had with epoch - 2% are from the epoch mod the other 98% from the AH.

skaronator or infistar it dosent matter what AH is used as long as they do what they say and atm only infistar's AH dose this as all the built in one dose is ban everyone and cause more issues than its worth.

 

If this .sqf is going to be left in for server admins then i suggest their is an option in the AH config to enable / disable this function and to what level of admins its available too. 

 

If you can see what im trying to say is WE NEED MORE CUSTOMIZATION with the built in AH if you want us to use it. 

[axeman]

Customisation is where we are heading, don't forget this is still in Alpha, there are a lot of updates to the game play coming in 0.3. 

 

Our policy on BE and AH is whitelisting. For the mod we don't use or need client side  addaction, for good reasons. That's not to say this won't be opened up at a later time in the life of the mod.

 

I do understand the frustration for mod makers, believe me I am having similar issues as a dev, but the mass abuse on first release of the mod has cemented the already correct decision to put security of the server and client first.

 

Who wants to play a game with hackers.. not me. Hang in there, we Are listening and these enhancements will come, we're just a little snowed under bringing out content now that we are happy with the underlying structure of the mod..

[sparrow8332]

Our policy on BE and AH is whitelisting. For the mod we don't use or need client side  addaction, for good reasons. That's not to say this won't be opened up at a later time in the life of the mod.

 

well in the mean time remove this .sqf function from public releases and concentrate on white-listing then. 

As long as we have the ability to be able to turn functions on and off in the AH and add exceptions to different white-listing arrays then that would be a huge improvement on the current state. 

 

The mod itself is outstanding and your all out doing yourselves with the updates, its just the AH that is really letting you down and this is such a shame and an annoyance to server owners. 

 

Hope we see a massive improvement in the AH or it removed all together and just concentrate on the mod itself. 

 

peace 

[axeman]

Well then report the exploit. And don't worry about what we can and can't handle, we're all adults here :)

[Darth_Rogue]

Is it in plans for the future to set it up so that the AH portion of Epoch can be updated separately from the rest of the mod?  As we all know, fighting security holes is a never ending battle.  New scripts and bypasses are released weekly or sometimes daily to get around server security measures.  Having to wait 2+ months for security updates to come with a new Epoch update is an eternity when you're talking about security strength.