And the winner of the day is...

Thilo Schulz arny at ats.s.bawue.de
Sat Apr 22 14:30:57 EDT 2006


... iDSoftware!

Clients should never be able to download pak*.pk3 files released from id. The 
security check for required files on autodownload in the client works 
correctly, on the server it does *NOT*.
I was able to download pak0.pk3 from an *unmodified* officially released id 
server (point release 1.32) using a slightly hacked ioq3 client.

Probably alot of other commercial games are hit by that bug, too :D
I wonder whether Doom3/Q4 suffers from it?

I commited a tested fix to SVN.

-- 
Thilo Schulz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://icculus.org/pipermail/quake3/attachments/20060422/ec041a47/attachment.pgp>


More information about the quake3 mailing list