Legend26 | Join Date: 2008-09-08 | Post Count: 10586 |
Ok, so I went around using necro's exploit to determine all of the security levels of everything. Here's what I know, feel free to add to it on the things I've missed.
Plugins - Level 1
Execute Script - Level 1
Script - Level 2
LocalScript - Level 2
CoreScript - Level 4
StarterScript - Level 5
Command Bar - Level 5
Ok, all of the above are verified, what are the ones I've missed? |
|
booing | Join Date: 2009-05-04 | Post Count: 6594 |
Admins - 6 (I think)
Exploiting goal - 7 |
|
|
You're a genius for thinking of that.
I never thought about using NecroBumpist's function on the printidentity function... |
|
zars15 | Join Date: 2008-11-10 | Post Count: 9999 |
Umm.. I thought that execute script and plugins actually have a higher level than regular scripts |
|
Fabunil | Join Date: 2013-10-25 | Post Count: 4325 |
"Plugins - Level 1
Execute Script - Level 1
Script - Level 2
LocalScript - Level 2
CoreScript - Level 4
StarterScript - Level 5
Command Bar - Level 5"
???
The security level of plugins is higher than normal scripts and the security level of corescripts and the starterscript should be higher than the commandbar. |
|
|
|
Actually, forget what I said. Looks like my old statistics are still right. :P |
|
Legend26 | Join Date: 2008-09-08 | Post Count: 10586 |
@agent, zars;
The numbers don't necessarily mean anything. It's just what a certain level is "named". |
|
Legend26 | Join Date: 2008-09-08 | Post Count: 10586 |
@Julien,
I'm updating it anyway later 'cause all that bold text is annoying. |
|
Fabunil | Join Date: 2013-10-25 | Post Count: 4325 |
But security level sounds so level-like D:
The higher the level the better.
I DEMAND A RENAME TO SECURITY IDENTITY |
|
|
@Legend26
Without editing the information I already put in the page (as it is still right, and in fact more detailed than yours, lol), can you put it into tables?
Also, can you mention that the identity can be acquired through the printidentity function?
Finally, can you add a new section explaining that the numbers were just arbitrarily chosen and that there is no hierarchy between the identities? |
|
Legend26 | Join Date: 2008-09-08 | Post Count: 10586 |
@Julien,
"can you put it into tables?"
That was my plan.
"Also, can you mention that the identity can be acquired through the printidentity function?"
k
"Finally, can you add a new section"
Definitely needed. |
|
|
Since you're at it, change the description at the top to this (edit as you want):
Every thread must have an identity, or security context to outline which functions, methods, properties and events are usable or not. Most of the time, prevention of using certain members of an object is strictly for security reasons. Other times, it may just be that the object being used is not fully developed yet.
Identities are in fact specific to threads, not to scripts (plus the word 'script' actually had a link to the script object...). I also forgot to mention when I wrote that text that it also applies to functions (like LoadRobloxLibrary, settings, stats and other functions), not only to object members. |
|
|
... and since we're at it, can you also add callbacks to the list? After all, callbacks can be locked too... |
|
Legend26 | Join Date: 2008-09-08 | Post Count: 10586 |
Anyone know how to get the security level of the site scripts such as /game/gameserver.ashx? |
|
zars15 | Join Date: 2008-11-10 | Post Count: 9999 |
inb4over9k |
|
|
@Legend26
I never managed to, but I remember trying (ironically, it was when I wrote that page).
Perhaps you'll have more luck than me while trying... |
|
|
If I'm not mistaken, the join scripts have the highest security.
I just don't know what their identity is.
If we do manage to learn it, then we could add it to the wiki. |
|
Anaminus | Top 100 Poster | Join Date: 2006-11-29 | Post Count: 5945 |
I've tried it a while back already. printidentity doesn't appear to print a number (or anything, really) in join scripts. This probably suggests that it's completely unrestricted.
Also, it would be worth mentioning the security types associated with each object member. Other than no security (accessible to everything), there's RobloxSecurity, LocalUserSecurity, RobloxScriptSecurity, RobloxPlaceSecurity, and WritePlayerSecurity. I'd bet that each of these types maps to one or more security levels. |
|
Legend26 | Join Date: 2008-09-08 | Post Count: 10586 |
It would definitely be nice to figure out which map to which. This still leaves me with the question: What exactly IS identity 7? |
|
|
@Legend26 Nothing, I don't think; essentially unrestricted. I'm pretty sure the userdatas in the metatable environment are locked to even level 6, so that's pretty much the only difference. |
|
|
"Also, it would be worth mentioning the security types associated with each object member. Other than no security (accessible to everything), there's RobloxSecurity, LocalUserSecurity, RobloxScriptSecurity, RobloxPlaceSecurity, and WritePlayerSecurity. I'd bet that each of these types maps to one or more security levels."
Where are those ever used?
Are they in enums or something?
Also, Anaminus, how did you try it? It's not like I know of any way to run stuff using the join scripts... |
|
|
@Legend26
I don't think there is such a thing as a level 7. Nothing uses the level 7, as far as I know.
It might exist in the code, though. |
|
Anaminus | Top 100 Poster | Join Date: 2006-11-29 | Post Count: 5945 |
They're in the API dump, which you can get by cd'ing to the roblox directory and running this:
RobloxPlayer -API output.txt |
|
Sorcus | Forum Moderator | Join Date: 2010-11-29 | Post Count: 3775 |
Hacker above.
~Sorcus |
|