Ack! I would normally place "You've got to be kidding me!" here but I know that you're not. From a security stand point, let's put this all together.
1. Requires root access via ssh. 2. Globals on. 3. Httpd user with a shell. 4. GCP software directory mode 777 There's enough problems with compromised systems due to operator error alone, alone actually placing your system in an insecure and compromisable position simply to run this software. From your message, it's readily apparent to me, that this is not something that you would want to run on a system that requires some sort of security from remote access. There's no reason, whatsoever, that the httpd user should require a shell. Why not just chmod 777 / and chroot anon ftp users to / and get the job over with that much faster? -- Micheal Patterson Senior Communications Systems Engineer 405-917-0600 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ----- Original Message ----- From: "hondaman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 20, 2004 1:06 PM Subject: [hlds_linux] [OT] Beating a dead horse? My experience with GameCP > So, after the long discussion about game control panels here on this > list, I decided to give GameCP a shot. It offers a free trial, so what > do I have to lose, I asked myself? > > 3 full days with nothing to show for it. Thats what I lost. > > I wont go into detail on every part of the install, because this really > isnt an official review. However I though you guys should know what you > are getting into before shelling out the minimum $150.00 to purchase the > software. > > 1. The install documentation is worthless. Its outdated, and doesnt > even remotely apply to the current version of the software. > 2. Support was hit and run. And not only for me, a trial customer. I > witnessed several other people in his IRC channel who where left hanging > with unanswered questions. I didnt attempt to call him, so I cant say > how well phone support works. > 3. The software itself is broken. It tells you to do things during the > install that, because of updates, arent required anymore. When I asked > about performing certain functions during the install, I was told "Dont > do what it says. Its outdated." Well, where does that leave me, the > poor guy installing this? No documentation, no support. I can even > trust the installer to tell me what to do. > 4. Be aware that GameCP *requires* root access via ssh. Not a good > thing in my opinion especially considering all the brute force attempts > at root access we have all seen. > 5. The documentation, as does William (GameCP coder) says to su to the > user running apache and perform some install operations as that user. > First of all, my apache user is "nobody" and doesnt have a shell. I was > told to enable the shell for the user "nobody" BAD idea. > 6. GameCP requires php globals to be turned on. Not a bad thing > necessarily, but certainly not good for the security-conscience. > 7. The install failed at another point, and it was a permissions > problem in the web directory for gcp. I was told to simply chmod 777 > the file. This too might not be bad in and of itself, but when you > consider that this is closed source, and being told to chmod 777 a .php > file arbitrarily without rhyme or reason gave reason for concern. > > These are most of the major concerns I had, and I believe justified. > GameCP certainly could be, with a lot of work, something that should be > considered for a GSP. Its simply not ready right now. William on IRC > (I spoke with him a lot when he was available) was polite and helpful, > but I came away with the impression that he is an open source coder, > with an open source attitude about coding, i.e. "I write it, you figure > it out, and if you cant, write your own code" One can get away with > that writing open source software. However, it simply isnt tolerable > when you are charging $150.00 per box. There is an extreme lack of > detail in the software, the documentation, even in the maintenance of > his own website. All these things combined should throw several red > flags in your head and cause you to look closer before making a GCP > purchase. > > If nothing else, please TRY this software before you buy it. > > hondaman > www.hardgaming.com > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
