Executing commands without the FCVAR_SERVER_CAN_EXECUTE flag in multiplayer through point_clientcommand or point_broadcastclientcommand entities are prevented from being ran by the game.
#436
Comments
I noticed this recently too. This is actually unrelated to commands being cheats, the game now disallows remote servers from executing any command that doesn't have the flag. This is technically a security fix (disallowing servers from running arbitrary commands on connected clients), and is enabled in every other Source 1 multiplayer game, but Portal 2 has never had it turned on until a recent update. I'm really not happy with the fact that this was randomly changed in an update 13 years after the game's release after hundreds of workshop maps have already been made which rely on the original behavior. It completely prevents a lot of cool/useful things that could previously be done in co-op with VScript/commands, further restricting what is probably already the most restricted Source 1 game when it comes to modding. As a compromise, it would be nice to have a new cvar added which restores the original behavior. Said cvar should obviously not be flagged with |
Now that you mention it, I am actually making a Portal 2 mod that ports the singleplayer maps to coop and it heavily relies on using commands without the
That's true, I should probably edit the title and description. Thanks for clarifying.
That would work, as long as said cvar can be changed through a point_servercommand in the case of modding. In the case of my mod that I am working on, it would definitely be required to be off at all times for my mod to work properly (and possibly other coop maps that rely on these commands). However, this brings back the possibility that malicious actors/trolls can use it for remote code execution exploits, making the |
#437 describes 2 commands that are affected by the |
This wasn't an issue before, but it seemingly now is.
Recent updates for Portal 2 caused commands without the server_can_execute flag (such as upgrade_potatogun) executed by point_clientcommand or point_broadcastclientcommand entities to return `FCVAR_SERVER_CAN_EXECUTE prevented server running command: upgrade_potatogun` in the console. The command only goes through if said command is run through a point_servercommand entity or run manually by the client's console.
`ss_map mp_coop_lobby_3`)
`ent_create point_clientcommand` or `ent_create point_broadcastclientcommand` in the console
server_can_execute flag through the clientcommand/broadcastclientcommand entity by running `ent_fire point_clientcommand command "<command without server_can_execute flag>"` or `ent_fire point_broadcastclientcommand command "<command without server_can_execute flag>"` in the console (for example, upgrade_potatogun). The console should now return the `FCVAR_SERVER_CAN_EXECUTE prevented server running command: <command without server_can_execute flag>`. The example command is upgrade_potatogun, which does not have the server_can_execute flag, should return `FCVAR_SERVER_CAN_EXECUTE prevented server running command: upgrade_potatogun`.
I don't know if this change was meant to combat RCE exploits and crashes, or if it's a bug with the game.
I have tested this on Windows and Steam Deck, both platforms have this issue. Linux and Mac may also be affected.
Image showing the problem:
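The gate this issue runs into, and the constraint the first comment places on any cvar that restores the old behaviour, can be modeled in a few lines. This is an added sketch, not Valve's engine code and not part of the original thread; the `Client` type, the flag's bit value and the cvar name `hypothetical_allow_server_cmds` are assumptions made for illustration.

```cpp
// Added illustration, not Valve's code. Only the flag name and the console
// message come from the issue; the bit value, the Client type and the cvar
// "hypothetical_allow_server_cmds" are assumptions made for this sketch.
#include <map>
#include <string>

constexpr unsigned FCVAR_NONE = 0;
constexpr unsigned FCVAR_SERVER_CAN_EXECUTE = 1u << 28;  // illustrative bit
enum class Origin { LocalConsole, RemoteServer };

struct Client {
    std::map<std::string, unsigned> flags;     // command/cvar name -> flags
    std::map<std::string, std::string> cvars;  // current cvar values
    std::string log;                           // last console line

    // Returns true if the command line was allowed to run.
    bool dispatch(Origin from, const std::string& line) {
        const std::string name = line.substr(0, line.find(' '));
        const auto it = flags.find(name);
        if (it == flags.end()) { log = "Unknown command: " + name; return false; }
        const bool legacy = cvars["hypothetical_allow_server_cmds"] == "1";
        // The gate: server-originated commands need the flag unless the
        // player has opted back in to the old behaviour.
        if (from == Origin::RemoteServer && !legacy &&
            !(it->second & FCVAR_SERVER_CAN_EXECUTE)) {
            log = "FCVAR_SERVER_CAN_EXECUTE prevented server running command: " + name;
            return false;
        }
        if (cvars.count(name) && line.size() > name.size())
            cvars[name] = line.substr(name.size() + 1);  // "cvar value" sets it
        log = "ran: " + line;
        return true;
    }
};

// optOutFlags is the flag set registered for the opt-out cvar itself.
Client makeClient(unsigned optOutFlags) {
    Client c;
    c.flags["upgrade_potatogun"] = FCVAR_NONE;
    c.flags["hypothetical_allow_server_cmds"] = optOutFlags;
    c.cvars["hypothetical_allow_server_cmds"] = "0";
    return c;
}

int main() {  // exit code 0 means the server-sent command was blocked
    Client c = makeClient(FCVAR_NONE);
    return c.dispatch(Origin::RemoteServer, "upgrade_potatogun") ? 1 : 0;
}
```

When the opt-out cvar is registered without the flag, only the local console can re-enable server-sent commands. When it carries the flag, a remote server can switch the gate off by itself, which is why the cvar must not be server-executable.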