-- [ Picked text/plain from multipart/alternative ] This is a serious risk. All they need is ftp access, and essentially they can now have ssh access. A simple one liner (even as an under privileged user) can take the whole machine down (tried and tested).
Only way around not letting them install it is to remove ftp access. I'll wager 99% of the servers out there have ftp access to upload maps and mods. Its a bad oversight by Valve, and they should have some method of either preventing it, or having it disabled as an option (just like you would a webserver for example not allowing shell execs). On 4/6/06, Craig Moore <[EMAIL PROTECTED]> wrote: > > Simply don't allow them to install it, then. If you give them enough > power to do all this, what makes you think it'd take a plugin for > someone to do something malicious? > > On 4/6/06, Adam Grzesko <[EMAIL PROTECTED]> wrote: > > Hi Martin, > > > > Thursday, April 6, 2006, 4:58:40 PM, you wrote: > > > > MZ> Then you are a bad provider if you can't secure your machine against > > MZ> your customers ... > > > > Just forgot to add that even jail+chroot wouldn't be a solution to > > this specially when third party software, that should be separated > > from customer's access area, is needed inside jail environment. > > > > best regards, > > Adam Grzesko > > [EMAIL PROTECTED] > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > -- _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
