You do understand the point that plugins are binaries and therefore may contain code you do not want them to have?
So there are two solutions to your concern: 1. Disable any server plugins (disallow write access to the addons folder) 2. Secure your gameserver install There is no other solution to this. Also you are talking about "this plugin". The plugin doesn't do any magic. It simply uses the system() call to execute a standalone binary. In case you decide to block the system() command using LD_PRELOAD or something alike the malicious user can simply use assembly to call the functions needed to spawn a shell on the server. Philip Adam Grzesko wrote:
Hi Philip, Thursday, April 6, 2006, 6:46:31 PM, you wrote: PL> And you think you aren't able to execute system commands using metamod? PL> Anything which ends up being a binary can contain malicious code which PL> will then be executed. Yes, but all essential files (on our servers) are marked executable and customer may not overwrite it. PL> Rather than choosing a secure setup you may simply want to ban Metamod, PL> SourceMM and anything else which allows binary plugins from your PL> customers servers. With this plugin the following scenario is possible: Example scenario: -- 1. Upload a text file, like cpp or any other program. 2. Compile it with g++ or gcc or with any other compiler available in the system. 3. Run compiled program via the plugin system command. best regards, Adam Grzesko [EMAIL PROTECTED] _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
