Because of such security issues we strictly do not allow shell access. As I said in the mail before: When Valve would restrict this to command line its "ok".
And never ever feel secure. There are a lot of security holes in every application remaining which were not found yet... | -----Original Message----- | From: [EMAIL PROTECTED] [mailto:hlds_linux- | [EMAIL PROTECTED] On Behalf Of Simon Lange | Sent: Friday, September 23, 2005 4:36 PM | To: [email protected] | Subject: RE: [hlds_linux] RE: Mandatory Source engine update later | today... | | Hi | | > -----Original Message----- | > From: [EMAIL PROTECTED] | > [mailto:[EMAIL PROTECTED] On Behalf Of Marcel | > Sent: Friday, September 23, 2005 4:07 PM | > To: [email protected] | > Subject: RE: [hlds_linux] RE: Mandatory Source engine update | > later today... | > | > And you are one of the people who start crying first when | > their customers upload nasty scripts and run them via this | > absolutely crazy and simple way. | nope since i dont know how to secure a system. it seems that u dont have a | clue. :) | also if valve limits such a setting to command line, there is no security | hole by concept. except a "guy" like u would allow customers to edit start | scripts. guess u allow shell access, eh?! | | > You can run many evil scripts without root privileges. | jeez, never knew that. holy PEEEP ... how the hell i kept my systems | secure | the past 2 decades... nobody knows... | | scnr | | Simon | > | > | -----Original Message----- | > | From: [EMAIL PROTECTED] [mailto:hlds_linux- | > | [EMAIL PROTECTED] On Behalf Of Martin Zwickel | > | Sent: Friday, September 23, 2005 4:00 PM | > | To: [email protected] | > | Cc: [EMAIL PROTECTED] | > | Subject: Re: [hlds_linux] RE: Mandatory Source engine update later | > | today... | > | | > | On Fri, 23 Sep 2005 15:41:29 +0200 | > | "Marcel" <[EMAIL PROTECTED]> bubbled: | > | | > | > Hi, | > | > | > | > Holy shit - that would be such a huge security problem! | > | | > | Erhm, why? The script gets started by the hlds server with the same | > | uid/gid. No one else could start it as a client. | > | | > | > Please don't to that! | > | > | > | > Instead another method to find out if an update is | > released would be | > | > great - something you can easily do with a shell script (like | > | > downloading a webpage and "scan" for a message or sth.). | > | | > | Well, I hate that kind of method. The hlds server is the one that | > | already knows about an update in (I think) nearly realtime. So it | > | would cost extra processor cycles to check a HTML site | > every 5 minutes | > | or so ... | > | | > | -- | > | MyExcuse: | > | kernel panic: write-only-memory (/dev/wom0) capacity exceeded. | > | | > | Martin Zwickel <[EMAIL PROTECTED]> Research & | > Development | > | | > | TechnoTrend AG <http://www.technotrend.de> | > | | > | _______________________________________________ | > | To unsubscribe, edit your list preferences, or view the | > list archives, | > | please visit: | > | http://list.valvesoftware.com/mailman/listinfo/hlds_linux | > | > | > _______________________________________________ | > To unsubscribe, edit your list preferences, or view the list | > archives, please visit: | > http://list.valvesoftware.com/mailman/listinfo/hlds_linux | > | | | _______________________________________________ | To unsubscribe, edit your list preferences, or view the list archives, | please visit: | http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
