Im certainly no expert on how the libraries are being used here, but shouldnt the code explicitly state that certain cvars are to only come from the replicated source, eg the game server? Sure there might be ways around this with injection as mentioned but shouldnt the listen server (to cover the lan side) be using a seperate copy of the engine binaries which are affected here so when plugins are run in that context, they do not override the cvars being replicated from the actual gameserver the client is connected to?
I was under the impression this problem existed because the client was sharing binaries with another server running on the local machine, so seperating the binaries being used would fix this surely. On Wed, Mar 31, 2010 at 10:12 AM, Tony Paloma <[email protected]>wrote: > Also, I don't think that removing the plugin functionality is going to fix > anything. There are other ways to inject a DLL into a running process. What > really needs to happen is for VAC to be updated to detect the cheater > plugins. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Craig H > Sent: Tuesday, March 30, 2010 3:35 PM > To: Half-Life dedicated Win32 server mailing list > Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > > Sadly this would remove the ability for people to run a server with plugins > through their client. I've done this in the past to host a LAN game using a > few plugins to play some of the gametypes people have created. While I > agree > something must be done, I don't really want to see that functionality going > away. > > On Tue, Mar 30, 2010 at 3:55 AM, ics <[email protected]> wrote: > > > Clients should never need any addons loaded. They can do just fine > > without them too. Having any plugins installed on client can do huge > > damage to servers so ability to run those on clients should be blocked. > > Players game shouldnt even start if there are something within addons > > folder on the pc or something else. Something that cannot be bypassed > > within 1 second. If clients need plugins, they should be separate from > > addons, like client-addons in which they could be used and not at all on > > a server. > > > > The current way is ridiculous that a CLIENT can have same plugin as > > SERVER and have free wallhack among other things. I seriously hope they > > are working for a fix for this and for the several other exploits that > > currently exist within the older CSS engine and the newer ones too. > > > > -ics > > > > 28.3.2010 22:50, Charles Mabbott kirjoitti: > > > In a general sense, there are a couple of client side plug-ins that do > in > > > fact serve a valid purpose, POV-Recorder, the ESEA Client plug-in and a > > > couple of others. At this point I am definitely for simply locking out > > > plug-ins on the client side, but I would rather not lose some of the > > > functionality these have. > > > > > > And on another note, the client plugin to intercept CVAR responses to > the > > > server has existed for quite a while now. > > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[email protected]] On Behalf Of Dominic > > Marciano > > > Sent: Sunday, March 28, 2010 11:14 AM > > > To: [email protected] > > > Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > > > > > > > > > it takes someone to fall to their death before they put safety rails. > > > > > > > > >> From: [email protected] > > >> Date: Sun, 28 Mar 2010 14:56:39 +0100 > > >> To: [email protected] > > >> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > > >> > > >> How about just allowing plugins for dedicated servers? > > >> > > >> Just as a heads up, I'm gonna try to make a client plugin which hooks > > >> SVC_GetCvarValue, and just always responds with the default CVar > value. > > >> > > > This > > > > > >> renders any server-side cheat detection (like KAC) completely useless. > > >> Hopefully releasing it as a POC will force VALVe to do something (why > > does > > >> it always have to come to this?) > > >> > > >> Thanks, > > >> - Saul. > > >> > > >> > > >> On 28 March 2010 14:49, AnAkIn .<[email protected]> wrote: > > >> > > >> > > >>> I don't think that's a good idea. Someone will just code a client > side > > >>> plugin to report false informations to the server. > > >>> > > >>> 2010/3/28 Keeper<[email protected]> > > >>> > > >>> > > >>>> I have e-mailed somebody at valve, and simply asked them if the > server > > >>>> operators can see a list of plugins on the client ( like > plugin_print > > >>>> > > > ). > > > > > >>>> This would give the operator the ability to kick if plugins are > loaded > > >>>> > > > on > > > > > >>>> the client. But I think also looking at the GameBin will allow the > > >>>> > > >>> server > > >>> > > >>>> to see if they are loading anything outside of the standard VSP > > >>>> > > >>> interface. > > >>> > > >>>> I don't think stopping it will be completely possible on the client, > > >>>> > > > but > > > > > >>>> giving the server operator the choice would be a nice thing. > > >>>> > > >>>> But they did respond that they are working on it. > > >>>> > > >>>> Keeper > > >>>> > > >>>> -----Original Message----- > > >>>> From: Kyle Sanderson [mailto:[email protected]] > > >>>> Sent: Saturday, March 27, 2010 8:33 PM > > >>>> To: Half-Life dedicated Linux server mailing list; Half-Life > dedicated > > >>>> Win32 > > >>>> server mailing list > > >>>> Subject: [hlds] Plugin Loading on clients, enough is enough. > > >>>> > > >>>> Since forever, players have been able to load plugins on their > clients > > >>>> letting them get around cheat sensitive variables such as sv_cheats, > > >>>> allowing them to use r_drawothermodels, mat_wireframe, etc. We as > > >>>> > > > server > > > > > >>>> admins have had the option to install various anti cheat addons > (Kigen > > >>>> > > >>> Anti > > >>> > > >>>> Cheat, VBAC, and than some rather lame ones for EventScripts) in > order > > >>>> > > > to > > > > > >>>> get around these quite severe downfalls in the engine. However now, > > >>>> > > > there > > > > > >>>> is > > >>>> a LUA scripting interface<http://www.3rdera.com/> that has been > > >>>> > > >>> written, > > >>> > > >>>> and is now fully supporting engine exploits in order to cause > trouble > > >>>> > > > for > > > > > >>>> server admins and for other players. No one can justify it's use, > > >>>> > > > every > > > > > >>>> single script written has been made to get around server settings > and > > >>>> protections put in place to keep order, and to keep the game > fluently > > >>>> moving > > >>>> along. Right now, players cannot be VAC banned for using this, it's > > >>>> > > > also > > > > > >>>> going against every single reason why VAC was created. Instead of > > >>>> > > >>> battling > > >>> > > >>>> these antics with these scripters, I'm begging you Valve to please > > >>>> > > > remove > > > > > >>>> this function from clients as there's absolutely no reason for them > to > > >>>> > > >>> have > > >>> > > >>>> it. I've sent two emails to a couple employees which were left > > >>>> > > >>> unanswered, > > >>> > > >>>> I > > >>>> know others have done the same. > > >>>> > > >>>> Here's a forum full of countless exploits: > > >>>> http://www.3rdera.com/forum/viewforum.php?f=5 > > >>>> > > >>>> If you don't want to read the wall of text explaining why players > > >>>> > > > should > > > > > >>>> not > > >>>> be allowed to load plugins, I'm sure your common sense on the issue > > >>>> > > > will > > > > > >>> be > > >>> > > >>>> more than sufficient to respond. > > >>>> Kyle Sanderson. > > >>>> > > >>>> > > >>>> _______________________________________________ > > >>>> To unsubscribe, edit your list preferences, or view the list > archives, > > >>>> please visit: > > >>>> http://list.valvesoftware.com/mailman/listinfo/hlds > > >>>> > > >>>> > > >>> _______________________________________________ > > >>> To unsubscribe, edit your list preferences, or view the list > archives, > > >>> please visit: > > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > > >>> > > >>> > > >> _______________________________________________ > > >> To unsubscribe, edit your list preferences, or view the list archives, > > >> > > > please visit: > > > > > >> http://list.valvesoftware.com/mailman/listinfo/hlds > > >> > > > > > > _________________________________________________________________ > > > Looking for a new home? With all the latest places, searching has never > > been > > > easier. > > > http://clk.atdmt.com/NMN/go/157631292/direct/01/ > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
