-
-
Notifications
You must be signed in to change notification settings - Fork 437
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make loading embedded lua scripts optional #3872
Comments
It can not be done because it forces you to update an entire server. Maybe it will work for small, new server but not for servers that are actual targets for cheaters. |
If the server owner is interested in fighting cheaters, it is not a problem to modify the method of calling exported procedures. |
it is dutchmans101 duty |
No. No its not. |
I have seen that cheaters are using directly c++ functions. How are you going to detect if given trigger was triggered by cheater? |
They can use assembly, doesnt matter. After all, MTA Client as a whole is fully accessible to the cheater. |
It is not good enough. Dropped doing my server because of cheaters with slurs instead of serial were crashing my server over and over |
Make your own account system and you dont have to worry about serials no more |
MTA also has a kernel level anti-cheat (FairplayKD) |
Welp, nvm it then. |
My personal opinion, as someone with more insight into this situation, is that this feature would be almost useless, the only thing we would achieve with it is that panicked server owners would disable these embedded scripts that are often used (iprint, exports) and break their compatibility, which can cause problems for incompetent or novice developers, while this change would not increase security in any way, because cheats simply do not work that way, but hook functions that they can modify and use at their own will, and this is difficult to control directly from the code, and in fact, it cannot be completely prevented. |
Is your feature request related to a problem? Please describe.
Embedded lua scripts are loaded for each resource before your scripts, allowing lua injectors to call their addDebugHook first and control subsequent code behavior without modifying your scripts or introducing new ones.
Describe the solution you'd like
Add a parameter to the server config to allow not loading these in-line scripts on both the client and server sides.
Describe alternatives you've considered
No response
Additional context
Also please note that the only function used in server releases in these scripts is a layer above the call (exports.lua), but this is a pointless technique in my opinion, and the server owner has the right not to load the memory with useless layers.
Security Policy
The text was updated successfully, but these errors were encountered: