WorldEdit + commandblock = security issue?

Discussion in 'Bukkit Discussion' started by fafler, Mar 13, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    fafler

    Imagine someone sends you a .schematic file. It's a big, wooden horse and you //paste it on your server. Everything seems peaceful, but as night falls, the horse breaks open and a horde of 10-year-olds with operator rights comes out of it and ravages your server.

    Are commandblocks inside schematics a potential security threat in the way described above? I suspect it would be trivial for malicious players to place commandblocks with /op @p or similar commands inside schematics on sites like mcschematics.com and wait for server admins to add them.
     
  2. Offline

    moose517

    The question is, though, will a command block in a schematic file keep its config? If it were to simply paste the block and it's up to the person who pasted the schematic in to add back what the command block did, then I see no problem.
     
  3. Offline

    fafler

    That's true. I saw a program that makes holograms, like HoloAPI, with (a lot of) commandblocks, which really makes no point if the commands have to be entered by the player. But the best thing to do is just to test it.
     
  4. Offline

    CoolV1994

    I think WorldEdit, when copying/pasting/etc, is relative to the player. So it won't work when used from the console or command blocks.
    I would suggest using permissions to restrict the ability to place/set command blocks, so that only trusted users can create command blocks.
    That's a good analogy though.
     
    King Pyro likes this.
  5. Offline

    Me4502

    Yes, that is a security issue. It's best not to just put random stuff users give you on a server.
     
    fafler and chaseoes like this.
  6. Offline

    chaseoes

    If you read the post they're not talking about using WorldEdit from within command blocks, they're talking about using WorldEdit to paste in command blocks that were included in a schematic.
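
One way to check a schematic before pasting it is to list every command stored in its tile entities. This is an added example, not part of the original thread or of WorldEdit. It assumes the MCEdit-style .schematic layout (gzip-compressed NBT with a `TileEntities` list whose command blocks carry a `Command` string); `find_commands` and `SAMPLE` are names introduced here.

```python
import gzip, io, struct

# Assumption: MCEdit-style .schematic = gzip-compressed NBT whose root compound
# holds a "TileEntities" list; command blocks keep their text in "Command".
FIXED = {1: ">b", 2: ">h", 3: ">i", 4: ">q", 5: ">f", 6: ">d"}  # tag -> struct format
ARRAY_WIDTH = {7: 1, 11: 4, 12: 8}                              # byte/int/long arrays

def _read(buf, fmt):
    data = buf.read(struct.calcsize(fmt))
    if len(data) != struct.calcsize(fmt):
        raise ValueError("truncated NBT data")
    return struct.unpack(fmt, data)[0]

def _string(buf):
    return buf.read(_read(buf, ">H")).decode("utf-8", "replace")

def _payload(buf, tag):
    if tag in FIXED:
        return _read(buf, FIXED[tag])
    if tag in ARRAY_WIDTH:
        return buf.read(max(_read(buf, ">i"), 0) * ARRAY_WIDTH[tag])
    if tag == 8:
        return _string(buf)
    if tag == 9:                                   # list: item tag, count, items
        item_tag, count = _read(buf, ">b"), _read(buf, ">i")
        return [_payload(buf, item_tag) for _ in range(count)]
    if tag == 10:                                  # compound: named tags until End
        out = {}
        while (t := _read(buf, ">b")) != 0:
            name = _string(buf)
            out[name] = _payload(buf, t)
        return out
    raise ValueError(f"unknown NBT tag {tag}")

def find_commands(schematic_bytes):
    """Return [(x, y, z, command)] for each tile entity with a stored command."""
    buf = io.BytesIO(gzip.decompress(schematic_bytes))
    if _read(buf, ">b") != 10:
        raise ValueError("root tag is not a compound")
    _string(buf)                                   # root name, unused
    tiles = _payload(buf, 10).get("TileEntities", [])
    return [(t.get("x"), t.get("y"), t.get("z"), t["Command"])
            for t in tiles if isinstance(t, dict) and t.get("Command")]

# Constructed sample: one command block holding the "/op @p" command from the thread.
def _tag(tag, name, payload):
    return struct.pack(">bH", tag, len(name)) + name.encode() + payload
_tile = (_tag(8, "id", b"\x00\x07Control") + _tag(8, "Command", b"\x00\x06/op @p")
         + b"".join(_tag(3, axis, struct.pack(">i", v)) for axis, v in zip("xyz", (4, 64, -2))) + b"\x00")
SAMPLE = gzip.compress(_tag(10, "Schematic", _tag(9, "TileEntities", struct.pack(">bi", 10, 1) + _tile) + b"\x00"))
```

An empty result means no tile entity in the file stores a command; any hit gives the coordinates to inspect or strip before the schematic goes onto a live server.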
     