And you are one of the people who start crying first when their customers upload nasty scripts and run them via this absolutely crazy and simple way. You can run many evil scripts without root privileges.
| -----Original Message----- | From: [EMAIL PROTECTED] [mailto:hlds_linux- | [EMAIL PROTECTED] On Behalf Of Martin Zwickel | Sent: Friday, September 23, 2005 4:00 PM | To: hlds_linux@list.valvesoftware.com | Cc: [EMAIL PROTECTED] | Subject: Re: [hlds_linux] RE: Mandatory Source engine update later | today... | | On Fri, 23 Sep 2005 15:41:29 +0200 | "Marcel" <[EMAIL PROTECTED]> bubbled: | | > Hi, | > | > Holy shit - that would be such a huge security problem! | | Erhm, why? The script gets started by the hlds server with the same | uid/gid. No one else could start it as a client. | | > Please don't to that! | > | > Instead another method to find out if an update is released would be | > great - something you can easily do with a shell script (like | > downloading a webpage and "scan" for a message or sth.). | | Well, I hate that kind of method. The hlds server is the one that | already knows about an update in (I think) nearly realtime. So it would | cost extra processor cycles to check a HTML site every 5 minutes or so | ... | | -- | MyExcuse: | kernel panic: write-only-memory (/dev/wom0) capacity exceeded. | | Martin Zwickel <[EMAIL PROTECTED]> | Research & Development | | TechnoTrend AG <http://www.technotrend.de> | | _______________________________________________ | To unsubscribe, edit your list preferences, or view the list archives, | please visit: | http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
