If they have access to any binary anywhere on the machine they could exploit the machine (this holds true for any binary you ever let a third party run and also have write access to).
- Alfred

Ian mu wrote:
> This is a serious risk. All they need is ftp access, and essentially they
> can now have ssh access. A simple one liner (even as an underprivileged
> user) can take the whole machine down (tried and tested).
>
> Only way around not letting them install it is to remove ftp access. I'll
> wager 99% of the servers out there have ftp access to upload maps and
> mods.
>
> It's a bad oversight by Valve, and they should have some method of either
> preventing it, or having it disabled as an option (just like you would a
> webserver for example not allowing shell execs).
>
> On 4/6/06, Craig Moore <[EMAIL PROTECTED]> wrote:
>>
>> Simply don't allow them to install it, then. If you give them enough
>> power to do all this, what makes you think it'd take a plugin for
>> someone to do something malicious?
>>
>> On 4/6/06, Adam Grzesko <[EMAIL PROTECTED]> wrote:
>>> Hi Martin,
>>>
>>> Thursday, April 6, 2006, 4:58:40 PM, you wrote:
>>>
>>>> Then you are a bad provider if you can't secure your machine
>>>> against your customers ...
>>>
>>> Just forgot to add that even jail+chroot wouldn't be a solution to
>>> this, especially when third party software, that should be separated
>>> from customer's access area, is needed inside jail environment.
>>>
>>> best regards,
>>> Adam Grzesko
>>> [EMAIL PROTECTED]

_______________________________________________
To unsubscribe, edit your list preferences, or view the list
archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
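The condition discussed in this thread (a native binary the server runs that a customer account can also write to) can be audited from the provider's side. The following is an added example, not code from the thread or from Valve; the function names, the sample tree and the stand-in customer uid are assumptions constructed for illustration, and only classic mode bits are checked.

```python
import os
import stat
import tempfile
ELF_MAGIC = b"\x7fELF"  # first four bytes of a Linux executable or shared object

def is_elf(path):
    with open(path, "rb") as fh:  # run the audit as an account that can read the tree
        return fh.read(4) == ELF_MAGIC

def can_write(st, uid, gids):
    # Mode bits in kernel order (owner, group, other); ACLs and sticky bit are ignored.
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids=()):
    # Report native binaries under root that the account uid could modify or swap out.
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_writable = can_write(os.lstat(dirpath), uid, gids)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and is_elf(path):
                rel = os.path.relpath(path, root)
                if can_write(st, uid, gids):
                    findings.append((rel, "file is writable"))
                elif dir_writable:
                    findings.append((rel, "directory is writable, file can be replaced"))
    return sorted(findings)

def build_sample(root):
    # Constructed tree: (relative path, file mode, directory mode, content).
    for rel, fmode, dmode, data in [
            ("bin/server", 0o755, 0o755, ELF_MAGIC + b"stub"),
            ("addons/plugin.so", 0o666, 0o755, ELF_MAGIC + b"stub"),
            ("drop/helper.so", 0o644, 0o777, ELF_MAGIC + b"stub"),
            ("maps/level.map", 0o666, 0o777, b"map data")]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, fmode)
        os.chmod(os.path.dirname(path), dmode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp, uid=os.getuid() + 1))  # uid stands in for the FTP account
```

An empty result for the customer's uid and groups means uploads cannot land on anything the server process loads as native code; any finding is a path to move out of the upload area or re-own.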

