neph for srcds security advisor On Wed, Mar 17, 2010 at 10:36 AM, EVAgames Community <hlds_li...@evagames.eu > wrote:
> +1 > > On Wed, 17 Mar 2010 01:00:05 +0200, Nephyrin Zey <nephy...@doublezen.net> > wrote: > > > Speaking of unresolved problems... > > > > - Unconnected commands > > - Basically any invalid packet causing the server to break in some way > > -- A2S_INFO spam (query caching just makes it take slightly more packets > > to lag everything out) > > -- A2C_PRINT spam causes lag, even before \b or bell character issues. > > - 'nuker' spam is still very effective (tons of huge packets with the > > string 'lol' followed by hundreds of null bytes) > > - Was that friendly-heavy exploit fixed? > > - Master server issues (why isn't this handled through steam yet?) > > - SteamID spoofing (protip: disabling some necessary ticket checks is > > not a valid fix for invalid-steam-ticket drop issues, valve) > > - Linux binaries *still* misdetect the CPU and disable what few sse2 > > functions the engine has. > > - Linux binaries suck balls and are completely unoptimized, presumably > > so ancient machines that could never run OB engine servers can still > > host them. > > - 64bit binaries? PLZ > > - Everything here http://wiki.alliedmods.net/SRCDS_Hardening > > - Clients can *still* load plugins (VAC, lol) > > - Empty names > > - File uploads still work, you just have to be slightly more creative > > and find one of the many unblocked extensions that can be used in a > > exploitative fashion. > > > > AND SO ON > > > > PS Gimmiejobplzvalve > > > > - Neph > > > > On 03/10/2010 09:34 AM, Ronny Schedel wrote: > >> Hello, > >> > >> since the update from 2nd of March we suffer from some unresolved > >> problems, > >> which causes bad game experience for players: > >> > >> 1. Ghost players with empty names are created by the server, they count > >> as > >> occupied slots in the server info. Players cannot connect when free > >> slots > >> with ghost players maxing out the max player settings. > >> 2. SourceTV adds an additional slot to the max player setting (which is > >> okay), but is not counted as player. If the server is full with players > >> and > >> 1 SourceTV is enabled, the server info shows 24 of 25 max players. > >> Players > >> cannot connect, because the slot 24 is not free, it's occupied by the > >> SourceTV. > >> 3. Custom Cvars created in server plugins are missing in the server > >> info. > >> > >> Please Valve, after a week of nothing, give us a fix for the broken > >> server > >> info. > >> > >> Thank you > >> > >> Ronny Schedel > >> > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux