command_block_minecart can be used without any operator privileges and with command blocks disabled by gamerule
This makes players able to use all operator commands by using these minecarts. It creates a big security issue for public servers.
Modded clients can give themselves this "command_block_minecart" and then use them freely.
Environment
Bedrock server software on Ubuntu 20.04
Added Security Level: Minecraft - Private
Resolution: Unresolved → Awaiting Response
Resolution: Awaiting Response → Unresolved
Resolution: Unresolved → Awaiting Response
Resolution: Awaiting Response → Unresolved
Resolution: Unresolved → Incomplete
Hi Enzo,
Could you please update your report with the following, it will help someone confirm the report for you. Is this possible in Singleplayer as well?
Okay thanks will test now!
Sorry, I haven't been able to do the reproduce part yet.
Just wanted to add that it would be great to have a gamerule to disable NPCs too. Due to players using command block exploits, NPCs with commands themselves have been obtained. I found a way to loop kill command_block_minecarts by doing
/kill @e[type=command_block_minecart] with a regular command block with /tickingarea around the command block turned on. Also a server-side script which is doing /gamerule commandblocksenabled every 1 second, so players can't disable my command blocks.
Before 1.16 I believe players were not able to interact with NPCs. After 1.16 players can use commands that are added to the NPCs without permissions.
But the type npc doesn't seem to react to the kill type, as far as I know.
Cleaning up old tickets: This ticket had been set to 'Awaiting Response', but has not received a response from the reporter (~3 months+) so is being closed as Incomplete. If you feel this is still a valid issue then please comment, or create a new ticket following the Issue Guidelines which includes steps to reproduce the problem.