Thank you for the fix.  I just applied it to all our servers after our
server was attacked.  I hope this patch works, because the alternative
(Valve's new broken code) would be worse than an unpatched server.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Virtual Master
Sent: Friday, August 01, 2003 9:56 AM
To: [EMAIL PROTECTED]
Subject: [hlds_linux] hlds 3.1.1.0 fix for buffer-overrun exploit [was
"_working_ workaround for hlds exploit on linux"]


Hello everyone,

After reading the messages on this list for two days, I believe there's
quite a lot of server admins that don't want to run 3.1.1.1 beta servers for
whatever reason. With Valve releasing their security fix only as an upgrade
to version 3.1.1.1d these people have no other choice than upgrading, even
if there are strong arguments against the 3.1.1.1x versions.

I decided to clean up the fix I released on Wednesday and present it as an
alternative for those who don't want to run the new betas. The new version
doesn't retrieve the original function's address with every call, but only
once, so there is no chance of wasting performance. It's also commented so
people understand what it does, and it tells the user about it being
successfully loaded by printing a line right at the server startup
"boffix_i386.so - fix for buffer overflow vulnerability in hlds 3.1.1.0".

Either compile the source using the following gcc statement: "gcc -Wall
-fpic boffix.c -shared -Wl,-soname,boffix.so -lc -o boffix_i386.so" (all in
one line) or use the binary I compiled. FreeBSD users have to use
linux-compiled binaries, too, as the hlds is linux, and the linked dynamic
objects also need to be linux.

Install the fix by copying the boffix_i386.so to your hlds_l directory, and
modifying your hlds_run script to contain the line "export
LD_PRELOAD=./boffix_i386.so". This can be right before or after the
LD_LIBRARY_PATH export on linux machines, but needs to be right before the
two lines containing "$HL $*" for FreeBSD systems.

Thanks a lot to Miklos of clanhost.dk for hosting the patch and the
source: http://miklos.clanhost.dk/

Remember, that fix is only meant for those who want to keep running version
3.1.1.0; if you're already using a 3.1.1.1 version, use the new version Valve
provides.

Best regards,

Dominic (Virtual Master)

--------------------------
[EMAIL PROTECTED]
irc.quakenet.org #nocheat, #cheaterlog

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
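
A check for the install procedure in the quoted message, added here as an example (not part of the original post or of boffix): it verifies that the export LD_PRELOAD line for boffix_i386.so precedes the first "$HL $*" launch line in hlds_run, and that the shim shows up in a running server's /proc/<pid>/maps. The function names and the command-line usage (script path, optional pid) are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the boffix LD_PRELOAD install took effect.
# File names come from the post; function names and usage are assumptions.
SHIM=boffix_i386.so

# Line number of the first active (not commented-out) export of the shim.
preload_lineno() {
    grep -n "^[[:space:]]*export[[:space:]]\{1,\}LD_PRELOAD=.*$SHIM" "$1" |
        head -n 1 | cut -d: -f1
}

# Line number of the first launch line containing the literal text $HL $*.
launch_lineno() {
    grep -n -F '$HL $*' "$1" | head -n 1 | cut -d: -f1
}

# 0: export precedes launch. 1: no export. 2: no launch line. 3: export too late.
check_run_script() {
    p=$(preload_lineno "$1")
    l=$(launch_lineno "$1")
    [ -n "$p" ] || { echo "no LD_PRELOAD export for $SHIM in $1"; return 1; }
    [ -n "$l" ] || { echo "no launch line in $1"; return 2; }
    [ "$p" -lt "$l" ] || { echo "export (line $p) is after launch (line $l)"; return 3; }
    echo "export (line $p) precedes launch (line $l)"
}

# 0 if a /proc/<pid>/maps listing shows the shim mapped into the process.
check_maps() {
    grep -q "/$SHIM\$" "$1"
}

# Usage: sh check_boffix.sh ./hlds_run [pid-of-running-hlds]
if [ "$#" -ge 1 ]; then
    check_run_script "$1" || exit
    [ -z "${2:-}" ] || check_maps "/proc/$2/maps" ||
        { echo "pid $2: $SHIM not mapped"; exit 4; }
fi
```

glibc's loader only prints a warning and continues when a preload object cannot be opened, so starting hlds_run from a directory other than hlds_l leaves the server running without the fix; the maps check catches that case.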


