what.... Michael Krasnow wrote: > What about GCFscape thats how people install SM and others on their listen > servers, thats like the only thing valve uses, is GCF > > On Tue, Mar 30, 2010 at 8:31 PM, Arg! <[email protected]> wrote: > > >> Im certainly no expert on how the libraries are being used here, but >> shouldnt the code explicitly state that certain cvars are to only come from >> the replicated source, eg the game server? Sure there might be ways around >> this with injection as mentioned but shouldnt the listen server (to cover >> the lan side) be using a seperate copy of the engine binaries which are >> affected here so when plugins are run in that context, they do not override >> the cvars being replicated from the actual gameserver the client is >> connected to? >> >> I was under the impression this problem existed because the client was >> sharing binaries with another server running on the local machine, so >> seperating the binaries being used would fix this surely. >> >> On Wed, Mar 31, 2010 at 10:12 AM, Tony Paloma <[email protected] >> >>> wrote: >>> >>> Also, I don't think that removing the plugin functionality is going to >>> >> fix >> >>> anything. There are other ways to inject a DLL into a running process. >>> >> What >> >>> really needs to happen is for VAC to be updated to detect the cheater >>> plugins. >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Craig H >>> Sent: Tuesday, March 30, 2010 3:35 PM >>> To: Half-Life dedicated Win32 server mailing list >>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >>> >>> Sadly this would remove the ability for people to run a server with >>> >> plugins >> >>> through their client. I've done this in the past to host a LAN game using >>> >> a >> >>> few plugins to play some of the gametypes people have created. While I >>> agree >>> something must be done, I don't really want to see that functionality >>> >> going >> >>> away. >>> >>> On Tue, Mar 30, 2010 at 3:55 AM, ics <[email protected]> wrote: >>> >>> >>>> Clients should never need any addons loaded. They can do just fine >>>> without them too. Having any plugins installed on client can do huge >>>> damage to servers so ability to run those on clients should be blocked. >>>> Players game shouldnt even start if there are something within addons >>>> folder on the pc or something else. Something that cannot be bypassed >>>> within 1 second. If clients need plugins, they should be separate from >>>> addons, like client-addons in which they could be used and not at all >>>> >> on >> >>>> a server. >>>> >>>> The current way is ridiculous that a CLIENT can have same plugin as >>>> SERVER and have free wallhack among other things. I seriously hope they >>>> are working for a fix for this and for the several other exploits that >>>> currently exist within the older CSS engine and the newer ones too. >>>> >>>> -ics >>>> >>>> 28.3.2010 22:50, Charles Mabbott kirjoitti: >>>> >>>>> In a general sense, there are a couple of client side plug-ins that >>>>> >> do >> >>> in >>> >>>>> fact serve a valid purpose, POV-Recorder, the ESEA Client plug-in and >>>>> >> a >> >>>>> couple of others. At this point I am definitely for simply locking >>>>> >> out >> >>>>> plug-ins on the client side, but I would rather not lose some of the >>>>> functionality these have. >>>>> >>>>> And on another note, the client plugin to intercept CVAR responses to >>>>> >>> the >>> >>>>> server has existed for quite a while now. >>>>> >>>>> -----Original Message----- >>>>> From: [email protected] >>>>> [mailto:[email protected]] On Behalf Of Dominic >>>>> >>>> Marciano >>>> >>>>> Sent: Sunday, March 28, 2010 11:14 AM >>>>> To: [email protected] >>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >>>>> >>>>> >>>>> it takes someone to fall to their death before they put safety rails. >>>>> >>>>> >>>>> >>>>>> From: [email protected] >>>>>> Date: Sun, 28 Mar 2010 14:56:39 +0100 >>>>>> To: [email protected] >>>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >>>>>> >>>>>> How about just allowing plugins for dedicated servers? >>>>>> >>>>>> Just as a heads up, I'm gonna try to make a client plugin which >>>>>> >> hooks >> >>>>>> SVC_GetCvarValue, and just always responds with the default CVar >>>>>> >>> value. >>> >>>>> This >>>>> >>>>> >>>>>> renders any server-side cheat detection (like KAC) completely >>>>>> >> useless. >> >>>>>> Hopefully releasing it as a POC will force VALVe to do something >>>>>> >> (why >> >>>> does >>>> >>>>>> it always have to come to this?) >>>>>> >>>>>> Thanks, >>>>>> - Saul. >>>>>> >>>>>> >>>>>> On 28 March 2010 14:49, AnAkIn .<[email protected]> wrote: >>>>>> >>>>>> >>>>>> >>>>>>> I don't think that's a good idea. Someone will just code a client >>>>>>> >>> side >>> >>>>>>> plugin to report false informations to the server. >>>>>>> >>>>>>> 2010/3/28 Keeper<[email protected]> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> I have e-mailed somebody at valve, and simply asked them if the >>>>>>>> >>> server >>> >>>>>>>> operators can see a list of plugins on the client ( like >>>>>>>> >>> plugin_print >>> >>>>> ). >>>>> >>>>> >>>>>>>> This would give the operator the ability to kick if plugins are >>>>>>>> >>> loaded >>> >>>>> on >>>>> >>>>> >>>>>>>> the client. But I think also looking at the GameBin will allow >>>>>>>> >> the >> >>>>>>> server >>>>>>> >>>>>>> >>>>>>>> to see if they are loading anything outside of the standard VSP >>>>>>>> >>>>>>>> >>>>>>> interface. >>>>>>> >>>>>>> >>>>>>>> I don't think stopping it will be completely possible on the >>>>>>>> >> client, >> >>>>> but >>>>> >>>>> >>>>>>>> giving the server operator the choice would be a nice thing. >>>>>>>> >>>>>>>> But they did respond that they are working on it. >>>>>>>> >>>>>>>> Keeper >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Kyle Sanderson [mailto:[email protected]] >>>>>>>> Sent: Saturday, March 27, 2010 8:33 PM >>>>>>>> To: Half-Life dedicated Linux server mailing list; Half-Life >>>>>>>> >>> dedicated >>> >>>>>>>> Win32 >>>>>>>> server mailing list >>>>>>>> Subject: [hlds] Plugin Loading on clients, enough is enough. >>>>>>>> >>>>>>>> Since forever, players have been able to load plugins on their >>>>>>>> >>> clients >>> >>>>>>>> letting them get around cheat sensitive variables such as >>>>>>>> >> sv_cheats, >> >>>>>>>> allowing them to use r_drawothermodels, mat_wireframe, etc. We >>>>>>>> >> as >> >>>>> server >>>>> >>>>> >>>>>>>> admins have had the option to install various anti cheat addons >>>>>>>> >>> (Kigen >>> >>>>>>> Anti >>>>>>> >>>>>>> >>>>>>>> Cheat, VBAC, and than some rather lame ones for EventScripts) in >>>>>>>> >>> order >>> >>>>> to >>>>> >>>>> >>>>>>>> get around these quite severe downfalls in the engine. However >>>>>>>> >> now, >> >>>>> there >>>>> >>>>> >>>>>>>> is >>>>>>>> a LUA scripting interface<http://www.3rdera.com/> that has been >>>>>>>> >>>>>>>> >>>>>>> written, >>>>>>> >>>>>>> >>>>>>>> and is now fully supporting engine exploits in order to cause >>>>>>>> >>> trouble >>> >>>>> for >>>>> >>>>> >>>>>>>> server admins and for other players. No one can justify it's use, >>>>>>>> >>>>>>>> >>>>> every >>>>> >>>>> >>>>>>>> single script written has been made to get around server settings >>>>>>>> >>> and >>> >>>>>>>> protections put in place to keep order, and to keep the game >>>>>>>> >>> fluently >>> >>>>>>>> moving >>>>>>>> along. Right now, players cannot be VAC banned for using this, >>>>>>>> >> it's >> >>>>> also >>>>> >>>>> >>>>>>>> going against every single reason why VAC was created. Instead of >>>>>>>> >>>>>>>> >>>>>>> battling >>>>>>> >>>>>>> >>>>>>>> these antics with these scripters, I'm begging you Valve to please >>>>>>>> >>>>>>>> >>>>> remove >>>>> >>>>> >>>>>>>> this function from clients as there's absolutely no reason for >>>>>>>> >> them >> >>> to >>> >>>>>>> have >>>>>>> >>>>>>> >>>>>>>> it. I've sent two emails to a couple employees which were left >>>>>>>> >>>>>>>> >>>>>>> unanswered, >>>>>>> >>>>>>> >>>>>>>> I >>>>>>>> know others have done the same. >>>>>>>> >>>>>>>> Here's a forum full of countless exploits: >>>>>>>> http://www.3rdera.com/forum/viewforum.php?f=5 >>>>>>>> >>>>>>>> If you don't want to read the wall of text explaining why players >>>>>>>> >>>>>>>> >>>>> should >>>>> >>>>> >>>>>>>> not >>>>>>>> be allowed to load plugins, I'm sure your common sense on the >>>>>>>> >> issue >> >>>>> will >>>>> >>>>> >>>>>>> be >>>>>>> >>>>>>> >>>>>>>> more than sufficient to respond. >>>>>>>> Kyle Sanderson. >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>> >>> archives, >>> >>>>>>>> please visit: >>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>> >>> archives, >>> >>>>>>> please visit: >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>> >> archives, >> >>>>> please visit: >>>>> >>>>> >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>> >>>>>> >>>>> _________________________________________________________________ >>>>> Looking for a new home? With all the latest places, searching has >>>>> >> never >> >>>> been >>>> >>>>> easier. >>>>> http://clk.atdmt.com/NMN/go/157631292/direct/01/ >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list >>>>> >> archives, >> >>>>> please visit: >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>> >>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list >>>>> >> archives, >> >>>> please visit: >>>> >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>> >>>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>> >>>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
