[hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread c0m4r
There is an exploit in q3 engine named q3dirtrav, which allows players to download any of server files, including server configuration (server.cfg). Today I found evidence of possible existence of the same exploit in HLDS. As a company we host hundreds of servers. We received many reports from

Re: [hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread Sazpaimon
This was already fixed in an update, apparently. On 7/3/2012 2:54 PM, c0m4r wrote: There is an exploit in q3 engine named q3dirtrav, which allows players to download any of server files, including server configuration (server.cfg). Today I found evidence of possible existence of the same

Re: [hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread Ken Bateman
For quite a while we have been careful to specify our tf2 rcon passwords on the command line, not a config file, because we suspected the existence of an exploit like this. It's possible that the vulnerability might be in tcadmin. -Ken On Jul 3, 2012 2:54 PM, c0m4r c0...@tlen.pl wrote: There

Re: [hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread Collin Howard
. Will email back if it happens again. From: Ken Bateman novadeni...@gmail.com To: Half-Life dedicated Linux server mailing list hlds_linux@list.valvesoftware.com Sent: Tuesday, July 3, 2012 1:05:42 PM Subject: Re: [hlds_linux] HLDS q3dirtrav-like exploit For quite

Re: [hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread doc
Is this an ok practice? I never thought about having my rcon password in my file - I guess it would be more secure if you just start it up with the rcon password in the string? Doesn't it show up when you run top/htop though? On Tue, Jul 3, 2012 at 12:05 PM, Ken Bateman novadeni...@gmail.com

Re: [hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread Jesse Molina
Yes, it does. I pointed this out to the author a while ago privately. Just for clarity, to make sure nobody else thinks it's a good idea, IT IS NOT A GOOD IDEA. =) This is the same reason that programs like sudo and ssh make it very difficult for you to pass passwords on the command line.

Re: [hlds_linux] HLDS q3dirtrav-like exploit

2012-07-03 Thread Ken Bateman
Having the password on the command line would indeed be a concern for us if we didn't have our box to ourselves. -Ken On Jul 3, 2012 7:44 PM, Jesse Molina je...@opendreams.net wrote: Yes, it does. I pointed this out to the author a while ago privately. Just for clarity, to make sure nobody