Stuff can always be injected. The only reason why you don’t see addons working around this signature check is because of VAC. You can’t very well run VAC on a server.
Alexander Corn “Dr. McKay” <http://www.doctormckay.com> http://www.doctormckay.com From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Barreiro Sent: Tuesday, February 10, 2015 11:19 AM To: Half-Life dedicated Win32 server mailing list Subject: Re: [hlds] Rethinking the community quickplay ban In terms of the addons, The way the client addons check works is it'll only load signed engine addons. If a plugin has been signed by Valve, it can be loaded with secure. Otherwise, you can only load addons with -insecure. This is for addons. One option would be to disable addons by default, and add a launch parameter -addons. There's potential this could be exploited though. Another method would be to make a separate server branch. CSGO has this. The branches are Community_DS, Valve_DS, Pinion_DS. The Valve and the Pinion DS both have changes that can be forwarded to the client. For example, there's a hidden cvar sv_require_motd_seconds. This cvar is on the client, the Pinion DS, and the Valve DS. If it is set on the Valve DS, it replicates it to the client. The community DS doesn't have this cvar and from my testing, you can't forward it to the client (as it's a hidden cvar on the client) They could make a branch for vanilla vs modded which report themselves differently to the matchmaking servers. This is similar to how Valve does the Mann Up servers. They run on server_valve.dll, set tf_mm_trusted to 1, and then each server gets validated on the backend. If this works out then it's marked as an official server in MM. They could just make another branch that completely disables the addon system (don't just set a value to 0, make sure it doesn't even attempt to load any form of addon) and either whitelists cvars or blacklists cvars, and makes sure to enforce all cvars that aren't on that list so if someone attempted changing them via injection, it'd just change them back. This is just one option. There will never be a way to 100% block server mods, but this would be a good step. Bypassing something like this is possible with enough work, but it would require a technical expertise many server owners don't have. If someone did attempt this, then they could be blacklisted fairly easily (it'd be pretty obvious). You could even have the client check if a server's cvars are consistent with vanilla mode. If they aren't it then sends some form of log to the backend and if a server gets enough of these, an employee could take a quick look and see what's wrong. There will always be a way past these things. Nothing is impenetrable but there are things that can be done to help. The biggest issue is the workload that would come with this. On Tue, Feb 10, 2015 at 10:34 AM, Cats From Above <[email protected]> wrote: Right now, various Valve games have protections in them that prevent addons being loaded under set conditions. I am sure Valve would be more than capable of distributing a similar mechanic within SRCDS. It is a matter of will power. On Wed, Feb 11, 2015 at 1:56 AM, Asher Baker <[email protected]> wrote: On Tue, Feb 10, 2015 at 2:59 PM, Cats From Above <[email protected]> wrote: What would you need to do to be eligible for the Vanilla pool? Simple, don't have *any* addons loaded on your server. This can be easily enforced on a technical level. The ability to late load source addons would also be removed under this scheme. This is a non-starter, there is no way to prevent server-side modifications from being made. ~~~~~ "Their heads are green, and their hands are blue, And they went to sea in a Sieve." - Edward Lear _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
