So because the providers can't fix their own permission systems, no one else can live load a VSP? There's plenty more ways to sneak in arbitrary stuff into the server given RCON and/or some level of access to the file system. This seems like a very poor solution.
2011/1/20 Andre Müller <[email protected]> > Hi, after the nice Update from the srcds_run I have a suggestion. > Can you prevent the srcds to load Plugins outside of the serverdirectory? > It's possible to load plugins from evereywhere the server can access > (plugin_load > ../../../../kd1001/xxx.xxx.xx.xx/orangebox/cstrike/addons/serversidehack.so). > Many server providers rent out there servers with the concept of a > "protected server". I know, this conept is not well. > > The ESL doesn't know what they have done with thier shit "protected > server mode". I don't konw if there are any technical guidelines for > the game server providers. But in fact there are some providers which > run thier servers with one user. This can't be good to prevent the > server from loading plugins. > > This idea is to protect the server against changes from the > gameserveradmin and loading other plugins than zBlock. > When a customer have another rented game server on the same host, he > can put his Plugins (Server Side Hack) into other directories and load > it manually (relative paths and absolute paths are working). > > To prevent it, the provider has to forbid the access to all other > directories outside the gameserver for this process. Maybe the > provider can fix this behavior with one user for everey server and > harder file permissions or to run the server in a jail. I know that > there are many providers who can't change this. Thier system is > complex and this changes are expensive. It has to work with all thier > customers. I hope you can understand the problem. > > The change to prevent loading plugins outside the serverdirectory will > make many players happy. > > The only easy way to protect loading Plugins manually is the following > alias: > alias "plugin_load" "echo Loading plugins isn't allowed" > plugin_load > Loading plugins isn ' t allowed > > I didn't know if there is a way to bypass this alias. > > Thanks for reading > Greetings > DeaD_EyE > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
