One more bug from 1996

As recently posted on the Inside3D forums, apparently the Quake engine lets you overwrite the game data with savegames should you be enough of a moron to call your save “pak0.pak”, a bug that seems to hail all the way from the original release eighteen years ago.

Wow.

What’s even more amazing is that this hasn’t been fixed yet. I wonder what else is in there.

This just reinforces my belief that it’s best to hide the game’s console from the player. Unfortunately with an open source game, completely hiding it is impossible.

Advertisements

3 responses to “One more bug from 1996

  • anyeos

    You don’t need to hide the sourcecode to do that, you only need to hide the console like other games do (Half-Life, Jedi Knight…).

    You can overwrite cvars, key bindings, and so too. It is not a unknown/hidden possibility.
    But it will not be so hard to save it in a separate directory, making forcing it from the engine if you want.

    But that kind of features are not implemented because in that “age” there was not much online gaming.

    Anyway you will not overwrite your original files if you run the game from one directory, your saved files always will go to your $HOME directory.

    In engines like ioQuake 3, that kind of things are taked carefully (you not only can overwrite a vital file, but too can pass the server and run code or force other players to be disconnected, modify your own files to hack, and so). But in Quake One? come on 😛

    Anyway, I never payed attention for that, thank you for posting it.

    I am using Darkplaces, maybe is FTE more risky with that?

  • asd

    This was actually a deeper problem that hiding would not fix. Imagine being connected to a server where the admin sends such commands to your client.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: