OldUnreal (Engine)

I received an anonymous notice to examine the xCoop 1.92 source code again and I was surprised to see that the ForceCommand function has been re-enabled again. As said before, forced command execution on clients can be a severe security risk since untrustworthy admins can use it to execute any crap on a players Unreal client, including nasty things like overwriting .ini files and crashing the client.

The function in question: As you see it WAS commented out (where it reads "Negative") but has been re-introduced. (Where it reads "Positive").

PCube: Can you explain why you made this change, and please DISABLE this kind of functions again? (for always and ever) Thanks.

I hope Unreal 227 client will have a native protection against this.

These kind of functions can even possibly set the paths to other folder, plus I've heard in the brand new version there is even one more function added allowing to do some stuff.

They can start writing log into your dll files and so on if you meet bad admins.

I don't like these kind of functions either.

Yea, Pcube allowed me to test version 1.93, only don't know if he removed it in that version.

Yeah. First off, the 1.71 -> 1.9 series gap was bridged with the help of another user who didn't think it made sense to comment out that function, so he reinstated it. And no, I'm not going to reveal the co-author unless he wants me to.  :-X

This isn't to say that I can't agree with him. It's a function; if the admin wants to be irresponsible with it then that's their problem, NOT mine. It's an issue very similar to the 'gun control' debate in the U.S. - does selling fewer guns prevent more instances of crime? No, not really, because those who commit the crimes won't regard the legal process of attaining the weapon in the first place. This really is not a new issue, as many other mods implement it anyways (no, I'm not going to name anyone and bring them into the argument), and, honestly, if you don't like what an admin is doing, DON'T GO TO THEIR SERVER... word will get around and nobody will go to it.

With all due respect, Hyper, the logic that "deleting the function will solve everyone's problems" really isn't true... The root of the abuse (why is the admin doing it, etc.) should be targeted. Taking away the gun will temporarily solve the problem, but I as a person believe that people inherently want to make decisions that promote themselves socially and won't mindlessly abuse the usage of this function unless they have some serious psychological issues, in which case they're probably determined enough to find another way to continue their acts of childishness.

Btw: This function has been reinstated for a while, and I told a lot of people about it in the active coop community, and, lo and behold, I've heard of ZERO instances of abuse of this function, in case anyone was wondering. What's hilarious is that this debate would never have ensued had I simply obfuscated the source like a "certain" gametype, but I completely endorse a "glass ceiling" approach with my mods.

I know at least about two other people who are able to do that stuff, like having such a functions in their mods or even backdoors for admin functions and I think they are even registered here or were.
I think I know who is the person who helped PCube anyway.

Hmm, I just remembered I had registered on these forums, but looking through the forums to find out what's going on, I wanted to post here first.

Hyper, I respect you completely for your abilities at hosting a successful Unreal server, but in my honest opinion, though you do have a right to notify people of what scripting is in the gametype, you have no right whatsoever to dictate what Pcube should do with it to make it better in your eyes.

If the Unreal community doesn't like the idea of this gametype then there is a simple answer for all of you, don't download it and don't join any servers that run it, and stop telling people what to do.

Whats actually so wrong about it anyway. I think some idiots deserve to have their Unreal get fucked up, its not that Pcube is going to use it agaisnt anyone who calls him asshole or whatever.

Whats actually so wrong about it anyway. I think some idiots deserve to have their Unreal get fucked up, its not that Pcube is going to use it agaisnt anyone who calls him asshole or whatever.

No matter how deserved, this is unethical and not worth even discussing.

Yeah the mentality of the Unreal people shows here. Maybe when you will grown up more you will understand, or maybe not, who knows.

Anyway no matter how bad the person is, this is just outright wrong to mess up their files or PC and it should be count as a crime in internet as is cracking and stuff. Not to mention some of these registered here can do these things. Seriously, what have become to oldunreal? Many "trash" people are registered here now, some of the worst ones too and they only act nice at forums it seems.

As I stated before, you really can't stop people from doing this, nor do you have a right to dictate what people should do.

And, as I said before, if you don't like it don't download it and don't join a server that runs it.

Please don't mix my flow of logic with other comments. Hmm, Leo those are pretty strong words.. please PM me if you have an issue with me, rather than make a public spectacle. Honestly, if people don't want me here then I'll leave. I'm just presenting my rhetoric, not claiming that ANYONE has a right to corrupt anyone else's files.

Please don't mix my flow of logic with other comments. Hmm, Leo those are pretty strong words.. please PM me if you have an issue with me, rather than make a public spectacle. Honestly, if people don't want me here then I'll leave. I'm just presenting my rhetoric,  not claiming that ANYONE has a right to corrupt anyone else's files.

Did I say I have a problems with you? No, I didn't name "you".

Indeed. And Leo, you really think im a little piece of shit that ain't knows everything, do you?

EDIT: Hes always doing this when im having a discussion with him involved.

No comment, you are all overreacting, firstly it was more towards skaarj slayer, secondly, I meant the other persons, but if you want flamewar ok. I actually wonder how can you all be here if you act this way towards people.

I'm just standing up for Pcube, you and probably some others think he will use this to hack everyone he sees. But thats not true. And Im not flaming, you actually start about 'growing up'  again. And that actually tells me enough alreaddy.  I'm more mature then you think i am. I know what to do and what not to. That won't change in like, 5 years?

One word: P4yl3r5

Ok, there's going to always be two sides to this debate.

Some people like to deal with incompetent Unreal players by use of resetting key binds, messing up the client, etc.

Some people like to deal with incompetent Unreal players by using simple commands such as getting rid of a player's weapon if he keeps player-killing, or giving a real bad Unreal player a 5 minute timeout in the skybox

Anyways, the point is that both are effective ways of dealing with uncooperative players. I agree that crashing clients and resetting key binds of random players is wrong. However, in the case of a hacker attempting to crash or hack the server, you can't really take away his weapon and expect him to care, a ban would work but that doesn't really stop some hackers. This kind of situation in my opinion, is an appropriate excuse for resetting key binds or crashing the game, etc.

However, besides that, Pcube didn't post this thread saying "xcoop is realeesed and now i will h4x0rs you all, lolz!", no he said that it can be used to help Unreal players a lot better than most coop gametypes out there.

Sure, the average Unreal player can download it and use it to be an abusive admin, but as I said there's a simple solution, don't join servers that run it, or only join it if the admins are respected Unreal players or your trusted friends.

I'm telling you all that Pcube is NOT forcing you guys to download this and not EVERYONE will download it and use it on their servers, so if you don't like it, don't download it and don't join servers that run it.

And for the last time, stop telling people what to do. Being respected Unreal PLAYERS doesn't make you the dictators of it.

And for the last time, stop telling people what to do. Being respected Unreal PAYLERS doesn't make you the dictators of it.

Alright, but I never told anyone to not download xcoop, I think it is a good gametype, though the focecommand bothers me as does the others. Admins like Shivaxi never use that function anyway and so on, these servers are safe.

Too bad he is leaving Unreal, but he is sick of these Paylers around.

One word: P4yl3r5

What means that anyway?

One word: P4yl3r5

What means that anyway?

That is Paylers, a mixed name of Player, it came out as from a funny situation earlier this year on Pcube's server. Some player who I thought was random noob joined there and acted like noob and then through using the name changing gun which flips other people's names, his name suddenly became Payler, then Red Horned Murderer said: "Wth are you tax payer or something?" That is how it was made.

There's really no point in arguing about it. As stated before, if anyone wants to be safe from this mod send me an e-mail: smartball@smartball-unreal.com

Yeah. First off, the 1.71 -> 1.9 series gap was bridged with the help of another user who didn't think it made sense to comment out that function, so he reinstated it. And no, I'm not going to reveal the co-author unless he wants me to.

This isn't to say that I can't agree with him. It's a function; if the admin wants to be irresponsible with it then that's their problem, NOT mine. It's an issue very similar to the 'gun control' debate in the U.S. - does selling fewer guns prevent more instances of crime? No, not really, because those who commit the crimes won't regard the legal process of attaining the weapon in the first place. This really is not a new issue, as many other mods implement it anyways (no, I'm not going to name anyone and bring them into the argument), and, honestly, if you don't like what an admin is doing, DON'T GO TO THEIR SERVER... word will get around and nobody will go to it.

With all due respect, Hyper, the logic that "deleting the function will solve everyone's problems" really isn't true... The root of the abuse (why is the admin doing it, etc.) should be targeted. Taking away the gun will temporarily solve the problem, but I as a person believe that people inherently want to make decisions that promote themselves socially and won't mindlessly abuse the usage of this function unless they have some serious psychological issues, in which case they're probably determined enough to find another way to continue their acts of childishness.

I have first-hand experience with admins who attacked me for absolutely no abuse at all, at your server even. Therefore I can certainly say that "The root of the abuse (why is the admin doing it, etc.) should be targeted." will not prevent abuse of the admin functions.

I however fully agree with you that deleting the ForceCommand function will NOT solve the problem totally. There probably are similar tools around which I did not notice yet and probably will never notice because the source code was removed from the mods. Therefore I really hope that Unreal 227+ will come with a decent client security so we will no longer be at the mercy of admins and programmers to be protected against this specific threat.

Btw: This function has been reinstated for a while, and I told a lot of people about it in the active coop community, and, lo and behold, I've heard of ZERO instances of abuse of this function, in case anyone was wondering. What's hilarious is that this debate would never have ensued had I simply obfuscated the source like a "certain" gametype, but I completely endorse a "glass ceiling" approach with my mods.

Sure. I've been attacked only once at your server and it is a long time ago. These attacks were the trigger for me to investigate the underlaying technology. I've been one of the few ones who investigated this and brought it into public and I indeed will probably not be able to recognize the ForceCommand function when you would remove the source and rename the function.

I'm certainly aware of this and that's why I've been asking you kindly to remove the function. If you turned out to be not willing to remove it, I would regret it but I would have to accept it. In that case I can only warn players about it.

Hmm, I just remembered I had registered on these forums, but looking through the forums to find out what's going on, I wanted to post here first.

Hyper, I respect you completely for your abilities at hosting a successful Unreal server, but in my honest opinion, though you do have a right to notify people of what scripting is in the gametype, you have no right whatsoever to dictate what Pcube should do with it to make it better in your eyes.

If the Unreal community doesn't like the idea of this gametype then there is a simple answer for all of you, don't download it and don't join any servers that run it, and stop telling people what to do.

I absolutely agree that I have no power whatsoever to dictate anyone what to do or what not to do. This is not what I'm doing here. I am trying to get public awareness of a security risk that is not visible to players during normal gameplay and therefore will come as unpleasant surprise when it is being abused by an admin. I've been asking Pcube kindly to remove the function. If he is unwilling to do so I have to accept that. It's his program after all.

By the way: The argument of "not joining servers" of admins who abuse this is my least favourable option, since it is impossible to tell which server and which admin is going to abuse it.

Whats actually so wrong about it anyway. I think some idiots deserve to have their Unreal get fucked up, its not that Pcube is going to use it agaisnt anyone who calls him asshole or whatever.

No matter how deserved, this is unethical and not worth even discussing.

I can't agree more, Wolf. And as said before, there are many ethical ways to deal with unwanted players, like kicking, temporary- and permanent banning.

But there are annoying basterds like PackLeader who will change their IP and rejoin to your server, and keep on doing that till you stop banning him.