Your "Protected Server": /home/user123/serverxy/orangebox/ Location of another server on the same host: /home/user123/server_unprotected/orangebox/ Location of the Cheat-Plugin: /home/user123/server_unprotected/orangebox/cstrike/addons/ssh.so
You should load the plugin from your protected server with: plugin_load /home/user123/server_unprotected/orangebox/cstrike/addons/ssh.so or plugin_load ../../../server_unprotected/orangebox/cstrike/addons/ssh.so It's possible to load plugins outside the serverdirectory, where the server should access. The easy fix is only for providers who support "Protected Servers". Please tell me, who does need to load Plugins outside of the serverdirectory and why? 2011/1/20 Kevin b er <[email protected]>: > So because the providers can't fix their own permission systems, no one else > can live load a VSP? There's plenty more ways to sneak in arbitrary stuff > into the server given RCON and/or some level of access to the file system. > This seems like a very poor solution. > > > 2011/1/20 Andre Müller <[email protected]> > >> Hi, after the nice Update from the srcds_run I have a suggestion. >> Can you prevent the srcds to load Plugins outside of the serverdirectory? >> It's possible to load plugins from evereywhere the server can access >> (plugin_load >> ../../../../kd1001/xxx.xxx.xx.xx/orangebox/cstrike/addons/serversidehack.so). >> Many server providers rent out there servers with the concept of a >> "protected server". I know, this conept is not well. >> >> The ESL doesn't know what they have done with thier shit "protected >> server mode". I don't konw if there are any technical guidelines for >> the game server providers. But in fact there are some providers which >> run thier servers with one user. This can't be good to prevent the >> server from loading plugins. >> >> This idea is to protect the server against changes from the >> gameserveradmin and loading other plugins than zBlock. >> When a customer have another rented game server on the same host, he >> can put his Plugins (Server Side Hack) into other directories and load >> it manually (relative paths and absolute paths are working). >> >> To prevent it, the provider has to forbid the access to all other >> directories outside the gameserver for this process. Maybe the >> provider can fix this behavior with one user for everey server and >> harder file permissions or to run the server in a jail. I know that >> there are many providers who can't change this. Thier system is >> complex and this changes are expensive. It has to work with all thier >> customers. I hope you can understand the problem. >> >> The change to prevent loading plugins outside the serverdirectory will >> make many players happy. >> >> The only easy way to protect loading Plugins manually is the following >> alias: >> alias "plugin_load" "echo Loading plugins isn't allowed" >> plugin_load >> Loading plugins isn ' t allowed >> >> I didn't know if there is a way to bypass this alias. >> >> Thanks for reading >> Greetings >> DeaD_EyE >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
