Kwask closed this 9 years ago
Source? This needs to be investigated.
I don't think it's possible to change the links in the web UI for machines. If it were, a lot more machines besides sleepers would be exploitable.
Well, he managed to do it to get adminordrazine, so it's possible :P
It's apparently a well-known problem at Baystation. You have to change the templates stored in the client's cache to exploit hrefs. Also we should probably hide this issue now, it's exploity now...
Gotta go through that list and merge in the fixes. Not sure when we last synced with baystation.
Months. We can't merge with Baystation12, and we shouldn't attempt to. Just find relevant PRs and make the same changes.
Just what I was thinking, but we need some kind of estimate so we know how far back we have to pull commits from.
Sometime in March I think we decided to stop merging with bay.
Have you confirmed that dd8d65ef889da67b7258a66944c0940f6f779899 fixed this issue?
Edit: should probably look in bay12 too and check that there aren't any other href exploits.
There are, there's an especially nasty one involving atmos somehow. Twice yesterday someone managed to set the air pressure in the atmos pipes to NaN, which spread to the rest of the station and killed everyone.
Damn, that's a really serious problem then. Sounds like it's finally been found by the giraffess.
Not sure how to replicate, but was told sleepers are susceptible to href exploits.