Jump to content




Command computers should have their own reserved ID range


3 replies to this topic

#1 Gorzoid

  • Members
  • 44 posts

Posted 25 April 2016 - 03:16 PM

Not sure if this should be a suggestion or a bug report.

A while ago I found that by using the /give command one could spawn a computer with any computer ID, I then realized you could use this to give yourself a computer with the same ID as a command computer (you use peripheral api to turn it on and get the id) you could modify the startup file and then you basically have full access to the command computer.
Now obviously most servers will not be allowing untrusted users to use /give so it is not a very vulnerable on it's own. But as some of you may know, creative mode has full access to spawn items with nbt tags. Using a simple forgemod one could computers with the command computers ID, which could ruin all creative computercraft servers(/op cant be used in command computer, but most plugin commands can e.g. /manuadd).

For a while I was thinking what would be a good idea to fix this, blocking the spawning of them would be a very messy fix. So I thought instead let command computers have their own range of IDs so that when a normal computer has that ID you can just halt it. And vice versa when a command computer tries to use a normal computer ID

I can provide a screenshot but I believe the devs will immediately understand this. Of course there is still the issue of creatives being able to basically hack any computer using this method, but I think that is a less severe problem.

#2 Luca_S

  • Members
  • 407 posts
  • LocationGermany

Posted 25 April 2016 - 07:52 PM

Well even if you have an own ID for Command Computers, if users have access to /give they could just go with that id

#3 Lupus590

  • Members
  • 2,029 posts
  • LocationUK

Posted 25 April 2016 - 08:51 PM

View PostLuca_S, on 25 April 2016 - 07:52 PM, said:

Well even if you have an own ID for Command Computers, if users have access to /give they could just go with that id

yes but then you have the already implemented "non-ops can't open the GUI" defence

#4 Luca_S

  • Members
  • 407 posts
  • LocationGermany

Posted 27 April 2016 - 04:30 AM

View PostLupus590, on 25 April 2016 - 08:51 PM, said:

View PostLuca_S, on 25 April 2016 - 07:52 PM, said:

Well even if you have an own ID for Command Computers, if users have access to /give they could just go with that id

yes but then you have the already implemented "non-ops can't open the GUI" defence

Oh right.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users