Change background image
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exploitable BYOND versions

Discussion in 'Coding' started by HiddenKnowledge, Nov 18, 2018.

Thread Status:
Not open for further replies.
  1. HiddenKnowledge

    HiddenKnowledge Bartender

    Recently two PR's #23817 and #23821 highlighted the fact that there are broken BYOND builds out there that can be abused.
    While these PR's fix the problem for big servers such as these, they do not allow smaller servers to do the same because they would obviously not know the affected version numbers.
    Why is this being hidden, is this an attempt at security through obscurity?
    Isn't it better to share these build numbers in order to allow smaller servers to block the versions as well?
    Or did I just miss where these build numbers are written down?
     
    Last edited: Nov 19, 2018
  2. Loaf

    Loaf Retired Staff

    Generally speaking information on security holes is not widely disseminated in SS13 because of the niche nature of the community and the ease with which that information becomes an invitation to abuse it. It's really the responsibility of the server hosts to keep an ear to the ground regarding security problems.

    The specific build numbers are already in one of the PRs you linked. EDIT: no they aren't, I'm dumb, those are placeholders. See below replies.
     
    Last edited: Nov 19, 2018
  3. HiddenKnowledge

    HiddenKnowledge Bartender

    You mean 512.0001, 512.0002, 512.1234 and/or 512.1235?
    Those don't seem like actual build numbers.
     
  4. afterthought

    afterthought Retired Staff

    If you have questions regarding the affected versions, please pm a dev on discord. This is not the appropriate place to discuss them. We are happy to share the information, but see no need to post it publicly.

    The versions in the example config and the config dm are not real dm builds; they are just illustrating the proper format.
     
    xales likes this.
  5. xales

    xales Host Game Administrator Developer Community Moderator

    This information is readily available to "legitimate" servers through the server host community ("legitimate" here defined by others, not myself - there is a process for servers to go through to get access to information like this and other things, but being "serious and for real" is certainly a minimum requirement - and size is not). There is no need for it to be made available publicly and those with a true need for it will not have a problem acquiring it.
     
  6. Banditoz

    Banditoz Senior Enlisted Advisor

    Some coder chats will probably have this information available.
     
  7. HiddenKnowledge

    HiddenKnowledge Bartender

    This can be closed.
     
Thread Status:
Not open for further replies.