Teeworlds - bridge

Teeworlds

IRC / bridge

One-way IRC channel bridge. If you want to be able to send messages to IRC, contact @Dune or @heinrich5991. https://www.teeworlds.com/?page=docs&wiki=rules/irc_rules

Between 2019-11-03 00:00:00Z and 2019-11-04 00:00:00Z

does svg really has an attack surface oO

00:07

when will you fix emote 16 btw?

every piece of code interacting with the network has an attack surface

prob. true

00:10

the svg would be embedded into the map

00:11

so the channel is already "secure" if you want

00:11

how is the map transportet over the network?

00:11

I imagine as complete blob

no, it's not secure. the server can send arbitrary data over the network. bug in the svg library, bug in teeworlds

don't you think you are highly pessimistic talking about attack surface in something as simple as svg support?

I think I'm pessimistic that I'm talking about attack surface (see above). by no means however, is svg simple

00:16

it's a complex format based on xml. the good news is that the lib reading it is nowadays written in rust, so there's some hope against exploits

00:17

it does seem to have a fairly good track record as well, but I'm not sure whether that's just because it's not popular enough: https://www.cvedetails.com/product/23082/Gnome-Librsvg.html?vendor_id=283

Gnome Librsvg : CVE security vulnerabilities, versions and detaile...

Gnome Librsvg security vulnerabilities, exploits, metasploit modules, vulnerability statistics and list of versions

00:19

(the same applies to putting stuff like pngs into maps. even map files itself are an attack surface; they even have unpatched security vulnerabilities)

i am surprised how many bugs that are

00:20

but i just entered sdl2 for comparison ...

welcome to the happy state of software security

time to dropper

hm?

*docker

00:23

https://www.cvedetails.com/product/28125/Docker-Docker.html?vendor_id=13534

Docker Docker : CVE security vulnerabilities, versions and detaile...

Docker Docker security vulnerabilities, exploits, metasploit modules, vulnerability statistics and list of versions

00:25

@heinrich5991 want some fun? Enter Excel

note that people try harder to find vulnerablities in more popular software

00:26

so just because there are more reported security vulnerabilities, it might not mean that it's buggier, it might even mean the opposite thing if the authors are more prudent in requesting cves

i just entered firefox and see what you mean

or try chrome

00:28

etc.

I wonder if you can still hack people with the now known vulnerabilities

software vendors usually patch security vulnerabilities when they become aware of them

00:32

however there are always people running outdated software

00:32

so yes

00:32

there are even pre-written exploits IIRC

@heinrich5991 we need the latest client versions, clanmembers just found a bug in the latest version where your tee gets invisible (client side)

@Assa I don't understand

Current official version: 0.7.3.1, latest version: pre-0.7.4

01:02

latest version may have a bug where your tee gets invisible

oh

and i can't confirm because i can't compile <.<

invisible tees should by fixed by this: https://github.com/teeworlds/teeworlds/pull/2216

Fix snap item invalidation by axblk · Pull Request #2216 · teewo...

When a snapitem is invalidated, its entry in the list of keys is set to -1. This breaks the binary search, introduced by #2129. Instead of modifying the list itself, I only modify the key value ins...

02:23

however... considering snapshots and demos... there are issues that might be used for malicious things

thumbsup ❤

@Assa what do you mean by emote 16 fixes? You mean that doubled emote thingy? Thats fixed already

@ChillerDragon exactly and nice

I think the teeworlds mapper should have blueprints

mapper?

editor

@Dune my server is running now for more than 10.000 minutes, without any master server warning - because i havent logged into rcon since the start.

13:37

if i would login now, it would fail again

13:37

what could have gone wrong here?

13:37

i didnt edit the source in any way that should cause this

If it happens on your mod and not on vanilla, it's a bug from something you changed

Yes, sure

13:41

But I still cant find why

Try econ, if it triggers the issue

no idea how it works

You need that in your config

ec_port "port"
ec_password "password"

14:04

so server has to restarted :/

14:05

The you can connect to it using telnet or netcat. If you are logged in on the vps nc localhost port should do the thing. Btw is econ documented anywhere?

@fokkonaut there is a good tutorial on the foruls

you may overflow and overwrite wrong bits at some point

14:44

I did this once, valgrind helped

@Dune :'( would you mind spending some of your free time to take a look at the forum. I think spam escalated a little bit there.

This spam literally happened 1min ago, do you have a subscription or something

xD no

17:51

I'm lucky to have taken a look at the right time.

17:53

I mean the 209 new topics about weight watchers. Some are from some hours ago ._.

17:53

ty very much

just move the forum to reddit

Can't bump old posts with updates and releases and what not there

18:32

Manual registration approval is possible but meh

Exported 70 message(s)