From 040937e671bbc0daef6876a423810fc1025f77ac Mon Sep 17 00:00:00 2001 From: AconiteGodOfSWG <63141077+AconiteGodOfSWG@users.noreply.github.com> Date: Fri, 11 Sep 2020 00:51:36 -0500 Subject: [PATCH] Updated List of Known Vulnerabilities Exploitable by GMs (markdown) --- List-of-Known-Vulnerabilities-Exploitable-by-GMs.md | 1 + 1 file changed, 1 insertion(+) diff --git a/List-of-Known-Vulnerabilities-Exploitable-by-GMs.md b/List-of-Known-Vulnerabilities-Exploitable-by-GMs.md index 4f26ecf..ad50557 100644 --- a/List-of-Known-Vulnerabilities-Exploitable-by-GMs.md +++ b/List-of-Known-Vulnerabilities-Exploitable-by-GMs.md 
@@ -4,5 +4,6 @@ * Likewise, almost all scripts and commands use `isGod` checks but do not use `getGodLevel` checks, so it is near impossible to segment access to only certain commands without extensive overhaul and review of each individual command and script. Many sensitive commands are otherwise unrestricted once a user has turned on god mode. * The checks that trigger logging and access to sensitive controls are through the methods `isGod` and `getGodLevel`. `isGod` is a boolean that returns true *if god mode is turned on*. `getGodLevel` returns the integer value of an account's assigned god level *if god mode is turned on*. A GM can completely avoid detection in their actions by using `/setgod off`. * There is no way to differentiate between when sensitive and working/test scripts (e.g. QA Tool) should be turned on or off, such as through a Live Server Mode flag. +* Scripts that do have `isGod` checks ran during the OnAttach trigger do not get removed if a user is later removed from the admin table so they can, in theory, use admin scripts attached to them even after they have been removed from the admin table (e.g. OnAttach, OnSpeak, and cmd functions ALL need `isGod` checks). * GM Characters can interact with world and game content like normal players to gain items, credits, etc. usually with hidden advantages. * GM Characters can use normal player functions like /tip and /trade to distribute items/credits gained through abuse. \ No newline at end of file
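Review bot: The added bullet (the single `+` line) mixes the finding with its fix and is hard to parse. "Scripts that do have `isGod` checks ran during the OnAttach trigger" reads as if the scripts ran, when the point appears to be that the check is made only at OnAttach. Suggest splitting it into two sentences: one stating that a script attached while the user was an admin stays attached after the user is removed from the admin table, and one stating the remediation. The parenthetical is introduced with "e.g." but is really the requirement that OnAttach, OnSpeak, and cmd functions all need `isGod` checks, so it should not be worded as an example. It would also help to say whether `isGod` consults the admin table at call time: the neighbouring bullet describes it only as returning true if god mode is turned on, and per-handler checks close this gap only if a removed user can no longer turn god mode on. "In theory" leaves open whether the behaviour was confirmed; the entry should say so either way.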