D N wrote:
From: m0gely <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [hlds_linux] Bring it on :D Date: Sun, 16 May 2004 14:43:14 -0800
D N wrote:
It can also pull down all kinds of unsavory stuff, local root exploits, rootkits, you name it. Plus, you can sit and leech bandwidth all day, DOS other sites/individuals/companies/government, etc.
Are you thiking of just offering a default install of an OS? C'mon. With a half heated attempt at securing your box alot of that can be avoided.
Show me how to prevent users from wgetting at will.
First logical thing would be restricting ports and ip's (assuming you have a single IP for gameserver, wich can be easilly arranjed with a good provider or LIR) to bandwidth. Second most logical thing, enforce a proxy and run a cache proxy, third logical thing, mess with the mimetypes (excellent in a chroot cage) or hack wget to pick only certain mimetypes or file tipes. Forth logical thing, costumers don't have access to compilers at all. Fifth thing, strong setuid binary policy. Sixth thing get a 'Gestapo' minded and capable unix admin. But nothing can assure you full security, either giving only FTP or SSH, besides, there are many more Shell Providers than Game Providers... Is your business far more dangerous than the Shell ones ? Are we guteless ? Don't think so. Good admins + good security policies, minimize always the risk, but nothing is 100% bullet proof, there's always a risk.
Yeah ok then :)
Couldn't agree more.
Yes, for shell you can run a restricted shell, chroot, etc.
Been discussed here before.
They can all be broken. No elitism from you can change that.
You are 100% right, specially when in the most of cases, elistists get wipped out easier and more times when compared to the most discrete people.
Sorry for getting in the middle.
Sounds like a great thing to give my users!!!
Sounds like a pretty stupid user to be screwing around on a server with root kits when you have their credit card info, mailing address and phone number all of which are verified. Or are you saying you don't bother with all that?
It all comes down to who has the keys. Are you aware there is rampant password-sharing going on? What if one of those people gives it to their friend, who then screws you over?
You gonna sue him for $100?
Its not worth my time OR the end users time, therefore ssh isnt given, period. Much easier and nothing is lost.
-- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
