04.11.2017, 21:58
It mustn't be RAT,it could be ANYTHING,!!
0.3.8 Security Issue
04.11.2017, 22:00
Quote:
|
Originally Posted by maksicnm
 ITS A REASON CUZ THERE IS NO LINUX VERSION OMFG -_-
0.3.8 will certainly not be for a longer period of time on Linux because it is possible to insert a RAT virus into a file and destroy someone who enters the server, so the current version of Windows is currently running and who can run over it server players can enter that server if they believe in it server, the update is well done, I have been planning to let this be among many others in order to improve the launcher for models, it would be nice if this would be released to the end, along with all the vehicles and other things (antique type and so ) Quoted from Balcan forum. |
04.11.2017, 22:05
Calm it down.
IF then you're only able to drop non-dff files, SA-MP itself doesn't treat it as a executable.
Like I said the only apparent way would be some sort of exploit in the file format itself to execute arbitrary code like we had on the TD system back then.
IF then you're only able to drop non-dff files, SA-MP itself doesn't treat it as a executable.
Like I said the only apparent way would be some sort of exploit in the file format itself to execute arbitrary code like we had on the TD system back then.
04.11.2017, 22:08
That's not how any of this works!
A file downloaded by the game is passed to GTA's DFF file parser. If the file is an executable, it is not just randomly run, instead the game will still try and interpret it as a model, and probably fail. Think of it this way - if you download an EXE, then try and open that file from notepad, it doesn't RUN the file, just shows you the contents. Or an even better example is a BAT file - which you can happily read from inside notepad without ever executing it.
BAT, RAT, EXE, it doesn't matter; they won't be run, because they are never told to run. Instead, they are loaded as models.
HOWEVER, this is NOT the same as the warning Kalcor gave about models themselves with embedded issues. GTA was originally a single-player game with no modding. This meant that all the files it was ever intended to load were the models provided with the game. Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code. However, I say again, THIS IS NOT THE SAME AS JUST RENAMING AN EXE. To the best of my knowledge, there are no known DFF exploits, but I've also not followed the modelling side of things very closely for a few years now.
No, not in any theory at all.
^ This is correct.
If you are STILL worried then a) you're an idiot (unless you've truly found an exploit in the DFF file parser itself) and b) test it with a non-destructive batch script, maybe one that just touches a file.
A file downloaded by the game is passed to GTA's DFF file parser. If the file is an executable, it is not just randomly run, instead the game will still try and interpret it as a model, and probably fail. Think of it this way - if you download an EXE, then try and open that file from notepad, it doesn't RUN the file, just shows you the contents. Or an even better example is a BAT file - which you can happily read from inside notepad without ever executing it.
BAT, RAT, EXE, it doesn't matter; they won't be run, because they are never told to run. Instead, they are loaded as models.
HOWEVER, this is NOT the same as the warning Kalcor gave about models themselves with embedded issues. GTA was originally a single-player game with no modding. This meant that all the files it was ever intended to load were the models provided with the game. Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code. However, I say again, THIS IS NOT THE SAME AS JUST RENAMING AN EXE. To the best of my knowledge, there are no known DFF exploits, but I've also not followed the modelling side of things very closely for a few years now.
Quote:
|
Originally Posted by Misomir
It will open file and when SAMP realize thats not required file it will crash.But,the file is opened which executes program(in theory)
|
Quote:
|
Originally Posted by MyU
Reading the file != parsing & loading a PE.
|
If you are STILL worried then a) you're an idiot (unless you've truly found an exploit in the DFF file parser itself) and b) test it with a non-destructive batch script, maybe one that just touches a file.
04.11.2017, 22:14
Quote:
|
Originally Posted by Y_Less
Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code.
|
However, all .txd and .dff files are renamed when downloaded, so isn't a problem at all. Maybe RCE could exists.
Quote:
|
Originally Posted by maksicnm
Learn programing, thx
 |
04.11.2017, 22:15
Quote:
|
Originally Posted by Misomir
Hmm...maybe ur right...But still i wanna test it
|
Quote:
|
Originally Posted by maksicnm
Learn programing, thx
|
04.11.2017, 22:18
I still believe in MY theory cuz i think SAMP is opening em comlete but maybe it isnt.
04.11.2017, 22:36
Quote:
|
Originally Posted by SlowARG
I remember a bug in MTA custom models parser.
|
04.11.2017, 23:07
Quote:
|
Originally Posted by Y_Less
A bug in a parser is not the same thing as just executing an EXE wholesale. I've even heard of bugs in the parser for reading .DOC files in Word - that doesn't make them EXEs, and trying to open an EXE in word won't execute it.
|
I said that i remember a bug in the parser that leads to RCE.
Regards.
04.11.2017, 23:13
Quote:
|
Originally Posted by Y_Less
That's not how any of this works!
A file downloaded by the game is passed to GTA's DFF file parser. If the file is an executable, it is not just randomly run, instead the game will still try and interpret it as a model, and probably fail. Think of it this way - if you download an EXE, then try and open that file from notepad, it doesn't RUN the file, just shows you the contents. Or an even better example is a BAT file - which you can happily read from inside notepad without ever executing it. BAT, RAT, EXE, it doesn't matter; they won't be run, because they are never told to run. Instead, they are loaded as models. HOWEVER, this is NOT the same as the warning Kalcor gave about models themselves with embedded issues. GTA was originally a single-player game with no modding. This meant that all the files it was ever intended to load were the models provided with the game. Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code. However, I say again, THIS IS NOT THE SAME AS JUST RENAMING AN EXE. To the best of my knowledge, there are no known DFF exploits, but I've also not followed the modelling side of things very closely for a few years now. No, not in any theory at all. ^ This is correct. If you are STILL worried then a) you're an idiot (unless you've truly found an exploit in the DFF file parser itself) and b) test it with a non-destructive batch script, maybe one that just touches a file. |
I did not read that with parsing only
04.11.2017, 23:19
Wondering why is this not locked yet, by the way, the executable will not be renamed to its first extension, if you guys know how to rename it client-sidely, then it will be harmful; else whole of this topic is pointless.
04.11.2017, 23:24
I think the RC1 release post was extremely clear on this issue.
Although there are several new security features related to custom models, these are not yet enabled in the current build. Only use the RC version with people you trust as there could be unknown security flaws in GTA:SA's model formats.
We're at 0.3.8 RC1. This has only been released for private testing. Once we get to RC8 all the formats will be completely locked down.
Even as it stands in RC1, loading dff and txd through SA-MP is safer than downloading a dff/txd from a modding website and running it in your game. At least R*'s collision plugin is disabled in SA-MP.
Although there are several new security features related to custom models, these are not yet enabled in the current build. Only use the RC version with people you trust as there could be unknown security flaws in GTA:SA's model formats.
We're at 0.3.8 RC1. This has only been released for private testing. Once we get to RC8 all the formats will be completely locked down.
Even as it stands in RC1, loading dff and txd through SA-MP is safer than downloading a dff/txd from a modding website and running it in your game. At least R*'s collision plugin is disabled in SA-MP.
« Next Oldest | Next Newest »
Users browsing this thread: 1 Guest(s)