They could have fixed all of this with just restricting download for files only in the *downloadables* stringtable, and upload strictly less than *1MB*, one per steam ID, only allow *VTF*s and only to the *downloads* folder.
Stupid patches.

Thanks,
- Saul.

On 3 February 2010 17:19, Kyle Sanderson <[email protected]> wrote:

> Then for the sake of security, you should remove -debug from your command
> line until Valve gets this actually sorted out. These half assed patches
> will not cut it anymore.
>
> Kyle.
>
> On Wed, Feb 3, 2010 at 9:09 AM, Saul Rennison <[email protected]> wrote:
>
> > As I just said, if a server has ever crashed (very likely), then there's a
> > *debug.log* with the command-line in it. From that you would see *+exec
> > lulz.cfg*. Even a console log will do...
> >
> > Thanks,
> > - Saul.
> >
> > On 3 February 2010 16:50, Kyle Sanderson <[email protected]> wrote:
> >
> > > Should probably continue talking about this in the other topic, however I
> > > believe .cfg files have been already blacklisted. If I'm wrong though, I
> > > can't believe how useless this update would be. To protect yourself from
> > > attacks all you need to do is firewall off your Rcon port and set every
> > > folder read only besides your logs, downloads, and local database dirs. To
> > > prevent downloads however the only real thing you can do is rename
> > > server.cfg to lulz.cfg and add +exec lulz.cfg to your startup line. (Don't
> > > use lulz, try some completely random file name).
> > >
> > > Cheers,
> > > Kyle.
> > >
> > > On Wed, Feb 3, 2010 at 8:29 AM, Chris <[email protected]> wrote:
> > >
> > > > Thanks. The release notes he posted did not mention .cfg files. I
> > > > considered that the "GCF" could be a typo, but it wouldn't be a leap
> > > > of faith to think it was not.
> > > >
> > > > On Wed, Feb 3, 2010 at 11:17 AM, Saul Rennison <[email protected]> wrote:
> > > >
> > > > > *cfg/server.cfg*? I heard people put RCon in there. If you have your
> > > > > RCon in command-line and the server has previously crashed, you can
> > > > > grab *debug.log*, which contains command-line.
> > > > >
> > > > > Thanks,
> > > > > - Saul.
> > > > >
> > > > > On 3 February 2010 16:06, Chris <[email protected]> wrote:
> > > > >
> > > > > > I would have imagined that it would be the uploading of files that
> > > > > > would allow someone to take control. Would you mind clarifying how
> > > > > > downloading them is a risk?
> > > > > >
> > > > > > On Wed, Feb 3, 2010 at 6:27 AM, ics <[email protected]> wrote:
> > > > > >
> > > > > > > Well, if you don't update, some day someone will join your
> > > > > > > server, take it under his control by downloading some files,
> > > > > > > uploading some more and in the end might wipe out your whole
> > > > > > > server installation. Go figure.
> > > > > > >
> > > > > > > -ics
> > > > > > >
> > > > > > > On 3.2.2010 10:53, Alexander Lempe wrote:
> > > > > > > > Hi guys,
> > > > > > > >
> > > > > > > > sorry for these dumb questions, but what does it change
> > > > > > > > exactly? What are the benefits of the changes mentioned below?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Alex
> > > > > > > >
> > > > > > > > -------- Original Message --------
> > > > > > > >
> > > > > > > >> Date: Mon, 1 Feb 2010 15:07:52 -0800
> > > > > > > >> From: Jason Ruymen <[email protected]>
> > > > > > > >> To: 'Half-Life dedicated Linux server mailing list' <[email protected]>, "'[email protected]'" <[email protected]>
> > > > > > > >> Subject: [hlds_linux] Counter-Strike: Source Update Available
> > > > > > > >>
> > > > > > > >> Updates to Counter-Strike: Source are now available. Please run
> > > > > > > >> hldsupdatetool to receive the update. The specific changes include:
> > > > > > > >>
> > > > > > > >> - SMX, GCF, and SYS files cannot be downloaded
> > > > > > > >> - Files whose extensions contain whitespace are not allowed to be
> > > > > > > >>   downloaded
> > > > > > > >> - Filenames that begin with path separators are not allowed to be
> > > > > > > >>   downloaded
> > > > > > > >>
> > > > > > > >> Jason
> > > > > > > >>
> > > > > > > >> _______________________________________________
> > > > > > > >> To unsubscribe, edit your list preferences, or view the list archives,
> > > > > > > >> please visit:
> > > > > > > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
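
Added example (not part of the thread and not Valve's code): a Python sketch contrasting the three denylist rules quoted from the release notes with the allowlist policy Saul proposes at the top of this message. The function names, the sample `DOWNLOADABLES` table and the Steam ID strings are assumptions made for illustration.

```python
import posixpath

MAX_UPLOAD_BYTES = 1024 * 1024            # uploads must be strictly smaller
BLOCKED_EXTS = {".smx", ".gcf", ".sys"}   # extensions named in the release notes
# Constructed sample of a server's downloadables stringtable (assumption).
DOWNLOADABLES = ["maps/de_dust2.bsp", "materials/sprays/logo.vtf"]

def normalize(path):
    """Canonical relative path, or None for absolute paths and '..' escapes."""
    path = path.replace("\\", "/")
    if path.startswith("/") or path[1:2] == ":":
        return None
    clean = posixpath.normpath(path)
    if clean in (".", "..") or clean.startswith("../"):
        return None
    return clean.lower()

def denylist_allows_download(path):
    """Model of only the three rules quoted in the release notes."""
    ext = posixpath.splitext(path)[1]
    if path[:1] in ("/", "\\"):
        return False                      # begins with a path separator
    if any(ch.isspace() for ch in ext):
        return False                      # whitespace in the extension
    return ext.lower() not in BLOCKED_EXTS

def allowlist_allows_download(path, downloadables=DOWNLOADABLES):
    """Proposed rule: serve a file only if the downloadables table lists it."""
    clean = normalize(path)
    return clean is not None and clean in {normalize(p) for p in downloadables}

class UploadPolicy:
    """Proposed rule: VTF only, < 1MB, downloads folder only, one per Steam ID."""
    def __init__(self):
        self.seen_steam_ids = set()

    def allows(self, steam_id, path, size):
        clean = normalize(path)
        if clean is None or not clean.startswith("downloads/"):
            return False
        if not clean.endswith(".vtf") or not 0 < size < MAX_UPLOAD_BYTES:
            return False
        if steam_id in self.seen_steam_ids:
            return False                  # this Steam ID already uploaded once
        self.seen_steam_ids.add(steam_id)
        return True
```

Under the denylist model, `cfg/server.cfg` and `debug.log` (the two files discussed in the thread) are still served; under the allowlist they are refused because the sample table does not list them.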

