Sandboxed 'debug' library missing some functions [v1.0.0.12078]
Opened this issue · 14 comments
What happened?
On v1.0.0.12078, make my resources cannot working since I was using some the debug functions.
These functions are missing from 'debug'
debug.setupvaluedebug.getlocaldebug.setlocaldebug.gethookdebug.sethook
Expected result
All missing 'debug' functions work normally
Reproduction steps
- Try to use the missing functions for ex.
debug.getlocal
Importancy
Crash
Area(s)
FiveM, Natives, ScRT: Lua
Specific version(s)
v1.0.0.12078
Additional information
No response
Just reported because it is already launched on Latest version, and some players got error when joined in server.
Now, it works normally on Release version (at this time), please fix it before update to Release version.
What are your use-cases for these library functions?
What are your use-cases for these library functions?
- Anticheat : cheaters modified some value on
scheduler.lua, so my server using these library functions to detect the changes (it seems like many developers in my region got the same issue here) - Avoid dumper : I'm using these functions to make my resources to be more complex (like using
debug.setlocal,debug.setupvalue)
Anticheat : cheaters modified some value on scheduler.lua, so my server using these library functions to detect the changes (it seems like many developers in my region got the same issue here)
the entire point of sandboxing, is to stop you from doing that.
"Ah yes, peoples modify a file in skechy ways, so let my resource also read and write to those files in totally none skechy ways!"
the entire intent is for resources to be confined to themselves only, so you cant do sketchy stuff exactly like what you just described.
also debug.setlocal to make your code "complex", be real brother xD
Anticheat : cheaters modified some value on scheduler.lua, so my server using these library functions to detect the changes (it seems like many developers in my region got the same issue here)
the entire point of sandboxing, is to stop you from doing that. "Ah yes, peoples modify a file in skechy ways, so let my resource also read and write to those files in totally none skechy ways!" the entire intent is for resources to be confined to themselves only, so you cant do sketchy stuff exactly like what you just described. also
debug.setlocalto make your code "complex", be real brother xD
The point is that cheaters can inject code or files to interfere with the operation of our resource, but we have no way to monitor or handle any of that. Is this really the best approach?
The point is that cheaters can inject code or files to interfere with the operation of our resource, but we have no way to monitor or handle any of that. Is this really the best approach?
that is completely out of scope for a resource to handle.
resources should NOT be trying to detect injections with little bits of lua code lol.
That role is on Cfx, and adhesive, which is far supperior to quite literally anything u could achieve with the lua environment
The point is that cheaters can inject code or files to interfere with the operation of our resource, but we have no way to monitor or handle any of that. Is this really the best approach?
that is completely out of scope for a resource to handle. resources should NOT be trying to detect injections with little bits of lua code lol.
That role is on Cfx, and adhesive, which is far supperior to quite literally anything u could achieve with the lua environment
The responsibility to handle this lies with CFX, that's correct. But even now, there are still a lot of cheaters getting through without being banned. If it worked perfectly, why would people bother creating their own AntiCheat systems?
why would people bother creating their own AntiCheat systems?
Money.
99% of these little "anticheats" are nothing more than Marketing BS, with a £200 price tag attached.
theres certainly things u can detect and prevent sure, but Injections is not one of them, and if you are, you are exploiting vulnerabilities far worse than any cheat is.
to note on this:
going directly at fiveguard, which is literally 1 line change away from being cipher lol
why would people bother creating their own AntiCheat systems?
Money. 99% of these little "anticheats" are nothing more than Marketing BS, with a £200 price tag attached. theres certainly things u can detect and prevent sure, but Injections is not one of them, and if you are, you are exploiting vulnerabilities far worse than any cheat is.
to note on this: going directly at fiveguard, which is literally 1 line change away from being cipher lol
I’m not getting anywhere arguing with you.
We run a FiveM server for players to enjoy, and we simply don’t want cheaters in our server—that’s all there is to it.
These days, cheaters are getting more frequent and coming in various forms, and CFX can’t detect them.
That’s really all there is to it.
I think CFX is working on it too to detect cheaters. But anyway, whether we can create our own AntiCheat or not is not a big deal. Just provide the library functions so developers can implement their own as they desire.
and CFX can’t detect them.
if they cant, with an external proccess, what makes you think you can with a little bit of lua code lol,
literally same exploits as cheats 🤷🏼♂️
Just provide the library functions so developers can implement their own as they desire.
"Just provide the functions being exploited, so we can exploit them too!"
nice change! this forces developers to write a minimum of good code and stops people selling pseudo """anticheats"""
and CFX can’t detect them.
if they cant, with an external proccess, what makes you think you can with a little bit of lua code lol, literally same exploits as cheats 🤷🏼♂️
Not sure, but so far, I have been able to detect the use of certain cheat programs that CFX hasn't been able to detect at all "with a little bit of lua code😁"