im saying even if the binaries are separated people will still use gcfscape to modify them
On Tue, Mar 30, 2010 at 9:12 PM, mfan <michael.fan...@gmail.com> wrote: > what.... > > Michael Krasnow wrote: > > What about GCFscape thats how people install SM and others on their > listen > > servers, thats like the only thing valve uses, is GCF > > > > On Tue, Mar 30, 2010 at 8:31 PM, Arg! <chillic...@gmail.com> wrote: > > > > > >> Im certainly no expert on how the libraries are being used here, but > >> shouldnt the code explicitly state that certain cvars are to only come > from > >> the replicated source, eg the game server? Sure there might be ways > around > >> this with injection as mentioned but shouldnt the listen server (to > cover > >> the lan side) be using a seperate copy of the engine binaries which are > >> affected here so when plugins are run in that context, they do not > override > >> the cvars being replicated from the actual gameserver the client is > >> connected to? > >> > >> I was under the impression this problem existed because the client was > >> sharing binaries with another server running on the local machine, so > >> seperating the binaries being used would fix this surely. > >> > >> On Wed, Mar 31, 2010 at 10:12 AM, Tony Paloma <drunkenf...@hotmail.com > >> > >>> wrote: > >>> > >>> Also, I don't think that removing the plugin functionality is going to > >>> > >> fix > >> > >>> anything. There are other ways to inject a DLL into a running process. > >>> > >> What > >> > >>> really needs to happen is for VAC to be updated to detect the cheater > >>> plugins. > >>> > >>> -----Original Message----- > >>> From: hlds-boun...@list.valvesoftware.com > >>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Craig H > >>> Sent: Tuesday, March 30, 2010 3:35 PM > >>> To: Half-Life dedicated Win32 server mailing list > >>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > >>> > >>> Sadly this would remove the ability for people to run a server with > >>> > >> plugins > >> > >>> through their client. I've done this in the past to host a LAN game > using > >>> > >> a > >> > >>> few plugins to play some of the gametypes people have created. While I > >>> agree > >>> something must be done, I don't really want to see that functionality > >>> > >> going > >> > >>> away. > >>> > >>> On Tue, Mar 30, 2010 at 3:55 AM, ics <i...@ics-base.net> wrote: > >>> > >>> > >>>> Clients should never need any addons loaded. They can do just fine > >>>> without them too. Having any plugins installed on client can do huge > >>>> damage to servers so ability to run those on clients should be > blocked. > >>>> Players game shouldnt even start if there are something within addons > >>>> folder on the pc or something else. Something that cannot be bypassed > >>>> within 1 second. If clients need plugins, they should be separate from > >>>> addons, like client-addons in which they could be used and not at all > >>>> > >> on > >> > >>>> a server. > >>>> > >>>> The current way is ridiculous that a CLIENT can have same plugin as > >>>> SERVER and have free wallhack among other things. I seriously hope > they > >>>> are working for a fix for this and for the several other exploits that > >>>> currently exist within the older CSS engine and the newer ones too. > >>>> > >>>> -ics > >>>> > >>>> 28.3.2010 22:50, Charles Mabbott kirjoitti: > >>>> > >>>>> In a general sense, there are a couple of client side plug-ins that > >>>>> > >> do > >> > >>> in > >>> > >>>>> fact serve a valid purpose, POV-Recorder, the ESEA Client plug-in and > >>>>> > >> a > >> > >>>>> couple of others. At this point I am definitely for simply locking > >>>>> > >> out > >> > >>>>> plug-ins on the client side, but I would rather not lose some of the > >>>>> functionality these have. > >>>>> > >>>>> And on another note, the client plugin to intercept CVAR responses to > >>>>> > >>> the > >>> > >>>>> server has existed for quite a while now. > >>>>> > >>>>> -----Original Message----- > >>>>> From: hlds-boun...@list.valvesoftware.com > >>>>> [mailto:hlds-boun...@list.valvesoftware.com] On Behalf Of Dominic > >>>>> > >>>> Marciano > >>>> > >>>>> Sent: Sunday, March 28, 2010 11:14 AM > >>>>> To: hlds@list.valvesoftware.com > >>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > >>>>> > >>>>> > >>>>> it takes someone to fall to their death before they put safety rails. > >>>>> > >>>>> > >>>>> > >>>>>> From: saul.renni...@gmail.com > >>>>>> Date: Sun, 28 Mar 2010 14:56:39 +0100 > >>>>>> To: hlds@list.valvesoftware.com > >>>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > >>>>>> > >>>>>> How about just allowing plugins for dedicated servers? > >>>>>> > >>>>>> Just as a heads up, I'm gonna try to make a client plugin which > >>>>>> > >> hooks > >> > >>>>>> SVC_GetCvarValue, and just always responds with the default CVar > >>>>>> > >>> value. > >>> > >>>>> This > >>>>> > >>>>> > >>>>>> renders any server-side cheat detection (like KAC) completely > >>>>>> > >> useless. > >> > >>>>>> Hopefully releasing it as a POC will force VALVe to do something > >>>>>> > >> (why > >> > >>>> does > >>>> > >>>>>> it always have to come to this?) > >>>>>> > >>>>>> Thanks, > >>>>>> - Saul. > >>>>>> > >>>>>> > >>>>>> On 28 March 2010 14:49, AnAkIn .<anakin...@gmail.com> wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> I don't think that's a good idea. Someone will just code a client > >>>>>>> > >>> side > >>> > >>>>>>> plugin to report false informations to the server. > >>>>>>> > >>>>>>> 2010/3/28 Keeper<hl2li...@afksoftware.com> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> I have e-mailed somebody at valve, and simply asked them if the > >>>>>>>> > >>> server > >>> > >>>>>>>> operators can see a list of plugins on the client ( like > >>>>>>>> > >>> plugin_print > >>> > >>>>> ). > >>>>> > >>>>> > >>>>>>>> This would give the operator the ability to kick if plugins are > >>>>>>>> > >>> loaded > >>> > >>>>> on > >>>>> > >>>>> > >>>>>>>> the client. But I think also looking at the GameBin will allow > >>>>>>>> > >> the > >> > >>>>>>> server > >>>>>>> > >>>>>>> > >>>>>>>> to see if they are loading anything outside of the standard VSP > >>>>>>>> > >>>>>>>> > >>>>>>> interface. > >>>>>>> > >>>>>>> > >>>>>>>> I don't think stopping it will be completely possible on the > >>>>>>>> > >> client, > >> > >>>>> but > >>>>> > >>>>> > >>>>>>>> giving the server operator the choice would be a nice thing. > >>>>>>>> > >>>>>>>> But they did respond that they are working on it. > >>>>>>>> > >>>>>>>> Keeper > >>>>>>>> > >>>>>>>> -----Original Message----- > >>>>>>>> From: Kyle Sanderson [mailto:kyle.l...@gmail.com] > >>>>>>>> Sent: Saturday, March 27, 2010 8:33 PM > >>>>>>>> To: Half-Life dedicated Linux server mailing list; Half-Life > >>>>>>>> > >>> dedicated > >>> > >>>>>>>> Win32 > >>>>>>>> server mailing list > >>>>>>>> Subject: [hlds] Plugin Loading on clients, enough is enough. > >>>>>>>> > >>>>>>>> Since forever, players have been able to load plugins on their > >>>>>>>> > >>> clients > >>> > >>>>>>>> letting them get around cheat sensitive variables such as > >>>>>>>> > >> sv_cheats, > >> > >>>>>>>> allowing them to use r_drawothermodels, mat_wireframe, etc. We > >>>>>>>> > >> as > >> > >>>>> server > >>>>> > >>>>> > >>>>>>>> admins have had the option to install various anti cheat addons > >>>>>>>> > >>> (Kigen > >>> > >>>>>>> Anti > >>>>>>> > >>>>>>> > >>>>>>>> Cheat, VBAC, and than some rather lame ones for EventScripts) in > >>>>>>>> > >>> order > >>> > >>>>> to > >>>>> > >>>>> > >>>>>>>> get around these quite severe downfalls in the engine. However > >>>>>>>> > >> now, > >> > >>>>> there > >>>>> > >>>>> > >>>>>>>> is > >>>>>>>> a LUA scripting interface<http://www.3rdera.com/> that has been > >>>>>>>> > >>>>>>>> > >>>>>>> written, > >>>>>>> > >>>>>>> > >>>>>>>> and is now fully supporting engine exploits in order to cause > >>>>>>>> > >>> trouble > >>> > >>>>> for > >>>>> > >>>>> > >>>>>>>> server admins and for other players. No one can justify it's use, > >>>>>>>> > >>>>>>>> > >>>>> every > >>>>> > >>>>> > >>>>>>>> single script written has been made to get around server settings > >>>>>>>> > >>> and > >>> > >>>>>>>> protections put in place to keep order, and to keep the game > >>>>>>>> > >>> fluently > >>> > >>>>>>>> moving > >>>>>>>> along. Right now, players cannot be VAC banned for using this, > >>>>>>>> > >> it's > >> > >>>>> also > >>>>> > >>>>> > >>>>>>>> going against every single reason why VAC was created. Instead of > >>>>>>>> > >>>>>>>> > >>>>>>> battling > >>>>>>> > >>>>>>> > >>>>>>>> these antics with these scripters, I'm begging you Valve to please > >>>>>>>> > >>>>>>>> > >>>>> remove > >>>>> > >>>>> > >>>>>>>> this function from clients as there's absolutely no reason for > >>>>>>>> > >> them > >> > >>> to > >>> > >>>>>>> have > >>>>>>> > >>>>>>> > >>>>>>>> it. I've sent two emails to a couple employees which were left > >>>>>>>> > >>>>>>>> > >>>>>>> unanswered, > >>>>>>> > >>>>>>> > >>>>>>>> I > >>>>>>>> know others have done the same. > >>>>>>>> > >>>>>>>> Here's a forum full of countless exploits: > >>>>>>>> http://www.3rdera.com/forum/viewforum.php?f=5 > >>>>>>>> > >>>>>>>> If you don't want to read the wall of text explaining why players > >>>>>>>> > >>>>>>>> > >>>>> should > >>>>> > >>>>> > >>>>>>>> not > >>>>>>>> be allowed to load plugins, I'm sure your common sense on the > >>>>>>>> > >> issue > >> > >>>>> will > >>>>> > >>>>> > >>>>>>> be > >>>>>>> > >>>>>>> > >>>>>>>> more than sufficient to respond. > >>>>>>>> Kyle Sanderson. > >>>>>>>> > >>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>>> > >>> archives, > >>> > >>>>>>>> please visit: > >>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>> > >>> archives, > >>> > >>>>>>> please visit: > >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> _______________________________________________ > >>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>> > >> archives, > >> > >>>>> please visit: > >>>>> > >>>>> > >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>> > >>>>>> > >>>>> _________________________________________________________________ > >>>>> Looking for a new home? With all the latest places, searching has > >>>>> > >> never > >> > >>>> been > >>>> > >>>>> easier. > >>>>> http://clk.atdmt.com/NMN/go/157631292/direct/01/ > >>>>> _______________________________________________ > >>>>> To unsubscribe, edit your list preferences, or view the list > >>>>> > >> archives, > >> > >>>>> please visit: > >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> To unsubscribe, edit your list preferences, or view the list > >>>>> > >> archives, > >> > >>>> please visit: > >>>> > >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>> > >>>>> > >>>> _______________________________________________ > >>>> To unsubscribe, edit your list preferences, or view the list archives, > >>>> please visit: > >>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>> > >>>> > >>> _______________________________________________ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>> > >>> > >>> _______________________________________________ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>> > >>> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
