Patch-up InternalFilterCommandTarget during connection phase. #940
+16
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Headline
added
Bug
Member
|
The existing behaviour here is intentional, with this change you can't kick or ban someone spoofing a privileged user's SteamID. |
Member
Author
|
sm_rcon is the sudo of sourcemod. No matter what the user sets as their AuthID the user can always be removed by the console. |
Member
Author
|
@asherkin do you still feel the same way about this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As a christmas gift to a peer I've finally looked at this problem. During the connection phase immunity rules are ignored and as a result a "lower level admin" can kick a "higher level admin" or queue a bunch of timers on them while they're still downloading the level. By adding these additional checks to InternalFilterCommandTarget I think we can fix this everywhere while not introducing any additional issues.
This is untested against master as my production gear is running an older version of core.