And the winner of the day is...
Thilo Schulz
arny at ats.s.bawue.de
Sat Apr 22 14:30:57 EDT 2006
... iDSoftware!
Clients should never be able to download pak*.pk3 files released from id. The
security check for required files on autodownload in the client works
correctly, on the server it does *NOT*.
I was able to download pak0.pk3 from an *unmodified* officially released id
server (point release 1.32) using a slightly hacked ioq3 client.
Probably alot of other commercial games are hit by that bug, too :D
I wonder whether Doom3/Q4 suffers from it?
I commited a tested fix to SVN.
--
Thilo Schulz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://icculus.org/pipermail/quake3/attachments/20060422/ec041a47/attachment.pgp>
More information about the quake3
mailing list