Please tell me what malicious things a server can do Thanks, - Saul.
On 2 April 2010 23:03, Scott Highland <tgnwe...@gmail.com> wrote: > How would disabling it be best? Again, no one on the list seems to get > it. I don't doubt that it's possible to load addons on the client, I'm > very sure it is. You guys seem to want to make the assumption that > anything that could be loaded into the client that can be malicious, IS > in fact malicious. Server administrators can install malicious plugins > that can do things 100x worse than any plugin on the client could do. Am > I going to make the argument that the whole system that allows servers > to load custom plugins should be removed, obviously not. > Why is it servers should be immune to this kind of 'security' (it's a > very false sense of security, what you guys are suggesting) and the game > client should not? > > 1nsane wrote: > > Right, having it disabled entirely would be the best. > > > > As I said before, there's the Steam SRCDS that practically installs > itself > > with Source engine games/mods if you need plugins and don't want > standalone > > SRCDS. > > > > On Fri, Apr 2, 2010 at 12:53 PM, Saul Rennison <saul.renni...@gmail.com > >wrote: > > > > > >> They're loaded at launch, like any other DLL. It's basically treated > like > >> another game DLL (in terms of callbacks). If plugins are loaded when a > >> listen server is created, what about after that? Even if the plugin is > >> unloaded, the plugin could have injected anything into the engine > without > >> VAC noticing. > >> > >> Like I keep saying: the only way to prevent this is to have plugins for > >> dedicated servers only. > >> > >> Thanks, > >> - Saul. > >> > >> > >> On 2 April 2010 16:40, 1nsane <1nsane...@gmail.com> wrote: > >> > >> > >>> So tell me, if I make my own hacking plugin and have it privately > shared > >>> with trusted people, how will any server admin be able to detect it? > >>> > >>> The server plugins that stop client plugins are only checking PUBLICALY > >>> known cvars such as "sm_version",if those cvars are renamed or don't > >>> > >> exit, > >> > >>> you get to load any plugin you want and be a major HAXXOR besting this > >>> detection. > >>> > >>> Also the Source engine was just fine for years before people figured > out > >>> how > >>> to make/use "client" plugins. Disabling client side plugin loading > would > >>> probably be the easiest way of fixing this. > >>> Why should the game client load a VSP (Valve SERVER Plugin) unless it's > a > >>> listen server? > >>> > >>> > >>> On Fri, Apr 2, 2010 at 12:52 AM, Scott Highland <tgnwe...@gmail.com> > >>> wrote: > >>> > >>> > >>>> No offense, but this whole list sucks at problem solving, every single > >>>> idea to deal with this issue suggested in this thread is just > terrible, > >>>> absolutely terrible. > >>>> > >>>> You can't disable clientside plugins just because a few admins are too > >>>> lazy to want to install a plugin to block people using clientside > >>>> plugins. People have the right to install clientside addons just as > >>>> server administrators have the right to install whatever addons they > >>>> want on their server. It's easy for you morons to want to impose this > >>>> > >> on > >> > >>>> everyone without seeing any consequences, Valve actually has to deal > >>>> with the complaints from their customers who use legitimate uses for > >>>> their plugins. Why don't you let professionals with their own > companies > >>>> reputation on the line deal with this intense decision making process. > >>>> Suggesting valve should add a cvar to disable people with plugins is > >>>> dumb, there's already plugins out there that does exactly this, go > >>>> install it and quit complaining. Don't make Valve spent their time > >>>> babying the few admins too stupid to know how to set up a serious > >>>> dedicated server. > >>>> > >>>> This issue is basically the equivalent to the material hacks that are > >>>> possible to use anywhere on servers that have sv_pure set to 0 still. > >>>> It's not a big deal in the scope of things, and theres already ways of > >>>> dealing with it. Now quit acting like this is Valve's fault and go > back > >>>> to blaming hackers and cheaters for your in-game shortcomings. > >>>> > >>>> Arg! wrote: > >>>> > >>>>> I doubt making a cvar would work as the plugins could simply override > >>>>> it as they do now. > >>>>> > >>>>> On Thu, Apr 1, 2010 at 2:04 AM, Saul Rennison < > >>>>> > >> saul.renni...@gmail.com > >> > >>>> wrote: > >>>> > >>>>>> If you aren't modifying game memory (i.e. hooking functions), then > >>>>>> > >> VAC > >> > >>>> won't > >>>> > >>>>>> mind. > >>>>>> > >>>>>> Thanks, > >>>>>> - Saul. > >>>>>> > >>>>>> > >>>>>> On 31 March 2010 16:00, Keeper <hl2li...@afksoftware.com> wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> I don't know how VAC works, but if it's loaded via a client side > >>>>>>> > >>>> plugin, I > >>>> > >>>>>>> doubt VAC sees it as an "external" program altering the game's > >>>>>>> > >> memory > >> > >>>>>>> space. > >>>>>>> But not knowing how VAC works, there's no telling what they look > >>>>>>> > >> for > >> > >>> or > >>> > >>>> how > >>>> > >>>>>>> they are detecting it. > >>>>>>> > >>>>>>> Keeper > >>>>>>> -----Original Message----- > >>>>>>> From: Michael Krasnow [mailto:mnk...@gmail.com] > >>>>>>> Sent: Tuesday, March 30, 2010 9:31 PM > >>>>>>> To: Half-Life dedicated Win32 server mailing list > >>>>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. > >>>>>>> > >>>>>>> doesn't VAC check the memory? but +1 to the option for server > >>>>>>> > >> admins, > >> > >>>> but > >>>> > >>>>>>> somehow someone would find a way to change that or spoof it, idk, > >>>>>>> > >> its > >> > >>>>>>> weirds > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>>> > >>> archives, > >>> > >>>>>>> please visit: > >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> _______________________________________________ > >>>>>> To unsubscribe, edit your list preferences, or view the list > >>>>>> > >> archives, > >> > >>>> please visit: > >>>> > >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>>> > >>>>>> > >>>>>> > >>>>> _______________________________________________ > >>>>> To unsubscribe, edit your list preferences, or view the list > >>>>> > >> archives, > >> > >>>> please visit: > >>>> > >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>>> > >>>>> > >>>>> > >>>>> __________ Information from ESET NOD32 Antivirus, version of virus > >>>>> > >>>> signature database 4989 (20100331) __________ > >>>> > >>>>> The message was checked by ESET NOD32 Antivirus. > >>>>> > >>>>> http://www.eset.com > >>>>> > >>>>> > >>>>> > >>>>> > >>>> __________ Information from ESET NOD32 Antivirus, version of virus > >>>> signature database 4993 (20100401) __________ > >>>> > >>>> The message was checked by ESET NOD32 Antivirus. > >>>> > >>>> http://www.eset.com > >>>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> To unsubscribe, edit your list preferences, or view the list archives, > >>>> please visit: > >>>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>>> > >>>> > >>> _______________________________________________ > >>> To unsubscribe, edit your list preferences, or view the list archives, > >>> please visit: > >>> http://list.valvesoftware.com/mailman/listinfo/hlds > >>> > >>> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds > >> > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 4995 (20100402) __________ > > > > The message was checked by ESET NOD32 Antivirus. > > > > http://www.eset.com > > > > > > > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 4995 (20100402) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
