Ideas for mitigating malicious concmd use

[Fasteroid]

1. Consider having concmd execute on the chip uploader and not the prop protection owner.

   • This prevents a player with access to an admin's chip from using it for privilege escalation if the admin has concmd enabled.
   • This also prevents badmins from running commands on players via the same mechanism.

2. concmd calls should prompt a message box displaying the command before executing, with options on how to handle it, such as...

   • "block" (if @strict, halts the chip, otherwise ignores future concmd calls)
   • "allow once"
   • "allow command for chip"
   • "allow all for chip (dangerous)"

3. To mitigate the annoyingness of 2, add a special directive called @trust, which accepts a steamid.

   • If the steamid matches the player the concmd is to be run on, assume the "allow all for chip" option.
   • @trust is immutable upon spawning the chip (similar to @model), and upon any attempt to change it via reupload will block all concmd for the chip. This prevents privilege escalation even if the concmd target remains the PP owner upon reupload.
   • Using the steamid ensures that full concmd access can't be enabled by "just anyone"—it has to be you.

Upvote if you want these changes made!

[Vurv78]

This would be solved simply with a convar to disallow people uploading code to your chips

[thegrb93]

1 is the most logical option