Re: [hlds_linux] L4D forks keep crashing

[Ronny Schedel]

As far as I have seen, it occurs after the game is over and the server goes 
back to hibernating state. Idle servers are never affected by this. It does 
not occur all the time, I suspect it occurs when there is a problem with the 
connection to the master server to set the free state for the server or 
something similar.


> Jay Deiman wrote:
>> Ronny Schedel wrote:
>>
>>> The crashes occur on a vanilla server.
>>>
>>
>> Yeah, I will second that (again).  It seems to be fairly random as well.
>>
>> Jay
> Happens to me as well, but only on server that are in use.
> I also have some forks that are private and have not been used lately.
> So it's definitly not something that just happens at random but is
> triggered during useage. Although I am unable to determine the cause.
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Crazy Canucks]

Finally!  Something worth discussing!  Bavarian beer!  m... ;)

I'll just add my two cents here.  There is no other company that I know 
of that supports it's modding community as enthusiastically as Valve 
does, with the possible exception of Blizzard with the WoW gui modding 
community.  Blizzard and Valve have a lot in common in that they don't 
abandon their wonderful old games.  They are the only two gaming 
corporations that I know of that do this.

They aren't perfect, but they deserve some respect, and the occasional 
thank you.

Drek

Stefan Popp wrote:
> Maybe :)
>
> I guess we start to understand what each other means :)
> Let us discuss next time with a litre bavarian beer and "Weißwürste".
> I pay ;)
>
> - Back to technical topics -
>
> Best regards,
> Stefan Popp
>
> Evaldas, GameConnect schrieb:
>   
>> Hey, I didn’t start teaching VALVe employees how to code. It’s easy for you 
>> to say. Did anyone of you release your own game engine? Maybe two? You 
>> people started the flame about “Hey VALVe, drop all your HL2 sources and 
>> rewrite it in C++”. And believe me, your comparing isn’t fear… Releasing 
>> COD4 means that COD2 is dead? Then Counter-Strike should be removed from 
>> steam game list, :-) because we have orangeBox. So, going back to the 
>> ethics, VALVe is doing a great job by supporting ALL of their games. Maybe 
>> the support isn’t so fast and their update priority list is… strange. But 
>> they are supporting ALL of their products. Even the 10-year old. I think 
>> that employees will see this spam and react to it. Do some global engine 
>> patching and everything will be ok. You say that someone has contacted them. 
>> What do we mean by contacting? Maybe someone mailed 
>> cont...@valvesoftware.com about this bug and what? I bet that they get 
>> thousands of mails per day. It isn’t fear to say that they aware of the 
>> problem if they didn’t say so.
>>
>> Anyway, technical mailing list is not a place to flame and learn programmers 
>> how to code. :-)
>>
>> Evaldas,
>> GameConnect, Lithuania
>> www.gameconnect.lt
>>
>>
>> - Original Message - 
>> From: "Stefan Popp" 
>> To: "Half-Life dedicated Linux server mailing list" 
>> 
>> Sent: Wednesday, August 19, 2009 1:52 AM
>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
>> Vulnerability
>>
>>
>>   
>> 
>>> I think our discusion will never end with our argumentations. iam
>>> talking about ethic, and you talk about budget and resources ;)
>>> At least, if you have a problems with a program you have to apply
>>> pressure on the company how made it if you want fixes.
>>> Thats the point of support. And COD2 is dead. After COD4 the mainstream
>>> doesnt care about COD2. At least, COD4 is just a update.
>>> Why fixing Windows 2000 if Windows XP doesnt have the bug anymore and
>>> the support is expired?
>>>
>>> Finally, the current discussion is around latest games, and not stuff
>>> which is 10 years old.
>>> So, stop discuss about things which doesnt apply to the mainsteam =)
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>> Evaldas Žilinskas schrieb:
>>> 
>>>   
 I wouldn’t call COD2 a game without bugs. :) When did we see last update? 
 Oh
 yes… 3 years ago. :-) And talking about Microsoft… Their support is quite
 interesting. You call, they tell you how to use your control panel, but 
 when
 we go back to the part, when bugs and exploits must be fixed… They decide
 directly from air witch exploits must be fixed and witch will remain for
 ever to deal with. We have Windows Vista, everyone is crying, people are
 dying… and what? We will get new Windows product, witch will cost money.
 Vista will remain slow working with its bugs and other things people paid
 money for. Everyone has a politics to do their commercial. I don’t blame
 Valve…

 Evaldas,
 GameConnect, Lithuania
 www.gameconnect.lt

 - Original Message - 
 From: "Stefan Popp" 
 To: "Half-Life dedicated Linux server mailing list"
 
 Sent: Wednesday, August 19, 2009 12:59 AM
 Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
 String
 Vulnerability



   
 
> Thats true ;)
>
> Best example: SAP =D
>
> Oliver Salzburg schrieb:
>
> 
>   
>> Well, some people just need 10 years to get their shit right...
>>
>> Evaldas Žilinskas wrote:
>>
>>
>>   
>> 
>>> Oh… Show me other company that still supports 10 year old games like
>>> Half-Life, by providing community integration, Russian walk prevention
>>> and
>>> exploit fixing updates? Maybe EA :-)? These things cost money and they
>>> are
>>> not responsible because of some of dumb players, trying to use found
>>> game
>>> exploits as a cheat or as a way to hack something. They do their best

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Maybe :)

I guess we start to understand what each other means :)
Let us discuss next time with a litre bavarian beer and "Weißwürste".
I pay ;)

- Back to technical topics -

Best regards,
Stefan Popp

Evaldas, GameConnect schrieb:
> Hey, I didn’t start teaching VALVe employees how to code. It’s easy for you 
> to say. Did anyone of you release your own game engine? Maybe two? You 
> people started the flame about “Hey VALVe, drop all your HL2 sources and 
> rewrite it in C++”. And believe me, your comparing isn’t fear… Releasing 
> COD4 means that COD2 is dead? Then Counter-Strike should be removed from 
> steam game list, :-) because we have orangeBox. So, going back to the 
> ethics, VALVe is doing a great job by supporting ALL of their games. Maybe 
> the support isn’t so fast and their update priority list is… strange. But 
> they are supporting ALL of their products. Even the 10-year old. I think 
> that employees will see this spam and react to it. Do some global engine 
> patching and everything will be ok. You say that someone has contacted them. 
> What do we mean by contacting? Maybe someone mailed 
> cont...@valvesoftware.com about this bug and what? I bet that they get 
> thousands of mails per day. It isn’t fear to say that they aware of the 
> problem if they didn’t say so.
>
> Anyway, technical mailing list is not a place to flame and learn programmers 
> how to code. :-)
>
> Evaldas,
> GameConnect, Lithuania
> www.gameconnect.lt
>
>
> - Original Message - 
> From: "Stefan Popp" 
> To: "Half-Life dedicated Linux server mailing list" 
> 
> Sent: Wednesday, August 19, 2009 1:52 AM
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
> Vulnerability
>
>
>   
>> I think our discusion will never end with our argumentations. iam
>> talking about ethic, and you talk about budget and resources ;)
>> At least, if you have a problems with a program you have to apply
>> pressure on the company how made it if you want fixes.
>> Thats the point of support. And COD2 is dead. After COD4 the mainstream
>> doesnt care about COD2. At least, COD4 is just a update.
>> Why fixing Windows 2000 if Windows XP doesnt have the bug anymore and
>> the support is expired?
>>
>> Finally, the current discussion is around latest games, and not stuff
>> which is 10 years old.
>> So, stop discuss about things which doesnt apply to the mainsteam =)
>>
>> Best regards,
>> Stefan Popp
>>
>> Evaldas Žilinskas schrieb:
>> 
>>> I wouldn’t call COD2 a game without bugs. :) When did we see last update? 
>>> Oh
>>> yes… 3 years ago. :-) And talking about Microsoft… Their support is quite
>>> interesting. You call, they tell you how to use your control panel, but 
>>> when
>>> we go back to the part, when bugs and exploits must be fixed… They decide
>>> directly from air witch exploits must be fixed and witch will remain for
>>> ever to deal with. We have Windows Vista, everyone is crying, people are
>>> dying… and what? We will get new Windows product, witch will cost money.
>>> Vista will remain slow working with its bugs and other things people paid
>>> money for. Everyone has a politics to do their commercial. I don’t blame
>>> Valve…
>>>
>>> Evaldas,
>>> GameConnect, Lithuania
>>> www.gameconnect.lt
>>>
>>> - Original Message - 
>>> From: "Stefan Popp" 
>>> To: "Half-Life dedicated Linux server mailing list"
>>> 
>>> Sent: Wednesday, August 19, 2009 12:59 AM
>>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
>>> String
>>> Vulnerability
>>>
>>>
>>>
>>>   
 Thats true ;)

 Best example: SAP =D

 Oliver Salzburg schrieb:

 
> Well, some people just need 10 years to get their shit right...
>
> Evaldas Žilinskas wrote:
>
>
>   
>> Oh… Show me other company that still supports 10 year old games like
>> Half-Life, by providing community integration, Russian walk prevention
>> and
>> exploit fixing updates? Maybe EA :-)? These things cost money and they
>> are
>> not responsible because of some of dumb players, trying to use found
>> game
>> exploits as a cheat or as a way to hack something. They do their best
>> and I’m
>> sure about that. More customers you have, more exploits and bugs will 
>> be
>> found. And… making a dialogue with everyone – it’s impossible. I own a
>> company with only a few thousand customers and even then it’s hard to
>> maintain everyone. How many customers VALVe has?
>>
>> players,
>> server admins,
>> source engine owners,
>> third party mod developers,
>> cybercafé owners,
>> content resellers,
>> steam store sellers…
>>
>> Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!
>>
>>
>> Evaldas,
>> GameConnect, Lithuania
>> www.gameconnect.lt
>>
>>
>> - Original Message - 
>> From: "Stefan Popp" 
>> To: "Half-Life

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Evaldas, GameConnect]

Hey, I didn’t start teaching VALVe employees how to code. It’s easy for you 
to say. Did anyone of you release your own game engine? Maybe two? You 
people started the flame about “Hey VALVe, drop all your HL2 sources and 
rewrite it in C++”. And believe me, your comparing isn’t fear… Releasing 
COD4 means that COD2 is dead? Then Counter-Strike should be removed from 
steam game list, :-) because we have orangeBox. So, going back to the 
ethics, VALVe is doing a great job by supporting ALL of their games. Maybe 
the support isn’t so fast and their update priority list is… strange. But 
they are supporting ALL of their products. Even the 10-year old. I think 
that employees will see this spam and react to it. Do some global engine 
patching and everything will be ok. You say that someone has contacted them. 
What do we mean by contacting? Maybe someone mailed 
cont...@valvesoftware.com about this bug and what? I bet that they get 
thousands of mails per day. It isn’t fear to say that they aware of the 
problem if they didn’t say so.

Anyway, technical mailing list is not a place to flame and learn programmers 
how to code. :-)

Evaldas,
GameConnect, Lithuania
www.gameconnect.lt


- Original Message - 
From: "Stefan Popp" 
To: "Half-Life dedicated Linux server mailing list" 

Sent: Wednesday, August 19, 2009 1:52 AM
Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
Vulnerability


>I think our discusion will never end with our argumentations. iam
> talking about ethic, and you talk about budget and resources ;)
> At least, if you have a problems with a program you have to apply
> pressure on the company how made it if you want fixes.
> Thats the point of support. And COD2 is dead. After COD4 the mainstream
> doesnt care about COD2. At least, COD4 is just a update.
> Why fixing Windows 2000 if Windows XP doesnt have the bug anymore and
> the support is expired?
>
> Finally, the current discussion is around latest games, and not stuff
> which is 10 years old.
> So, stop discuss about things which doesnt apply to the mainsteam =)
>
> Best regards,
> Stefan Popp
>
> Evaldas Žilinskas schrieb:
>> I wouldn’t call COD2 a game without bugs. :) When did we see last update? 
>> Oh
>> yes… 3 years ago. :-) And talking about Microsoft… Their support is quite
>> interesting. You call, they tell you how to use your control panel, but 
>> when
>> we go back to the part, when bugs and exploits must be fixed… They decide
>> directly from air witch exploits must be fixed and witch will remain for
>> ever to deal with. We have Windows Vista, everyone is crying, people are
>> dying… and what? We will get new Windows product, witch will cost money.
>> Vista will remain slow working with its bugs and other things people paid
>> money for. Everyone has a politics to do their commercial. I don’t blame
>> Valve…
>>
>> Evaldas,
>> GameConnect, Lithuania
>> www.gameconnect.lt
>>
>> - Original Message - 
>> From: "Stefan Popp" 
>> To: "Half-Life dedicated Linux server mailing list"
>> 
>> Sent: Wednesday, August 19, 2009 12:59 AM
>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
>> String
>> Vulnerability
>>
>>
>>
>>> Thats true ;)
>>>
>>> Best example: SAP =D
>>>
>>> Oliver Salzburg schrieb:
>>>
 Well, some people just need 10 years to get their shit right...

 Evaldas Žilinskas wrote:


> Oh… Show me other company that still supports 10 year old games like
> Half-Life, by providing community integration, Russian walk prevention
> and
> exploit fixing updates? Maybe EA :-)? These things cost money and they
> are
> not responsible because of some of dumb players, trying to use found
> game
> exploits as a cheat or as a way to hack something. They do their best
> and I’m
> sure about that. More customers you have, more exploits and bugs will 
> be
> found. And… making a dialogue with everyone – it’s impossible. I own a
> company with only a few thousand customers and even then it’s hard to
> maintain everyone. How many customers VALVe has?
>
> players,
> server admins,
> source engine owners,
> third party mod developers,
> cybercafé owners,
> content resellers,
> steam store sellers…
>
> Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!
>
>
> Evaldas,
> GameConnect, Lithuania
> www.gameconnect.lt
>
>
> - Original Message - 
> From: "Stefan Popp" 
> To: "Half-Life dedicated Linux server mailing list"
> 
> Sent: Tuesday, August 18, 2009 10:37 PM
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format
> String
> Vulnerability
>
>
>
>
>
>> Wheres the point?
>>
>> Its their product, and they have to support the product. If i code 
>> any
>> application and i wait 4 weeks (or more :P) until i fix anything for 
>> my
>

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

I think our discusion will never end with our argumentations. iam 
talking about ethic, and you talk about budget and resources ;)
At least, if you have a problems with a program you have to apply 
pressure on the company how made it if you want fixes.
Thats the point of support. And COD2 is dead. After COD4 the mainstream 
doesnt care about COD2. At least, COD4 is just a update.
Why fixing Windows 2000 if Windows XP doesnt have the bug anymore and 
the support is expired?

Finally, the current discussion is around latest games, and not stuff 
which is 10 years old.
So, stop discuss about things which doesnt apply to the mainsteam =)

Best regards,
Stefan Popp

Evaldas Žilinskas schrieb:
> I wouldn’t call COD2 a game without bugs. :) When did we see last update? Oh 
> yes… 3 years ago. :-) And talking about Microsoft… Their support is quite 
> interesting. You call, they tell you how to use your control panel, but when 
> we go back to the part, when bugs and exploits must be fixed… They decide 
> directly from air witch exploits must be fixed and witch will remain for 
> ever to deal with. We have Windows Vista, everyone is crying, people are 
> dying… and what? We will get new Windows product, witch will cost money. 
> Vista will remain slow working with its bugs and other things people paid 
> money for. Everyone has a politics to do their commercial. I don’t blame 
> Valve…
>
> Evaldas,
> GameConnect, Lithuania
> www.gameconnect.lt
>
> - Original Message - 
> From: "Stefan Popp" 
> To: "Half-Life dedicated Linux server mailing list" 
> 
> Sent: Wednesday, August 19, 2009 12:59 AM
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
> Vulnerability
>
>
>   
>> Thats true ;)
>>
>> Best example: SAP =D
>>
>> Oliver Salzburg schrieb:
>> 
>>> Well, some people just need 10 years to get their shit right...
>>>
>>> Evaldas Žilinskas wrote:
>>>
>>>   
 Oh… Show me other company that still supports 10 year old games like
 Half-Life, by providing community integration, Russian walk prevention 
 and
 exploit fixing updates? Maybe EA :-)? These things cost money and they 
 are
 not responsible because of some of dumb players, trying to use found 
 game
 exploits as a cheat or as a way to hack something. They do their best 
 and I’m
 sure about that. More customers you have, more exploits and bugs will be
 found. And… making a dialogue with everyone – it’s impossible. I own a
 company with only a few thousand customers and even then it’s hard to
 maintain everyone. How many customers VALVe has?

 players,
 server admins,
 source engine owners,
 third party mod developers,
 cybercafé owners,
 content resellers,
 steam store sellers…

 Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!


 Evaldas,
 GameConnect, Lithuania
 www.gameconnect.lt


 - Original Message - 
 From: "Stefan Popp" 
 To: "Half-Life dedicated Linux server mailing list"
 
 Sent: Tuesday, August 18, 2009 10:37 PM
 Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
 String
 Vulnerability




 
> Wheres the point?
>
> Its their product, and they have to support the product. If i code any
> application and i wait 4 weeks (or more :P) until i fix anything for my
> customers, i can go directly to die.
> I never said valve didnt support their products, but the point is, how
> they do that. And the royal way of support is fast fixing of bugs, and
> if providing sdk's, updating the materials around. And currently i 
> think
> Valve makes bad support. Maybe, they kicked some programmers or
> somethin? But as customer i didnt care about their resources, i only
> care about theire reaction times if i got problems ;) or?
>
> Saint K. schrieb:
>
>
>   
>> Imo VALVe is still the only one who cares and interacts so much with
>> their community. Yes they have their flaws, and they can be ugly at
>> times, but hey, what other dev mails you straight away when you report 
>> a
>> bug to resolve it? So far this only happends to me with VALVe. From 
>> other
>> devs u should thank god on your knees to ever get any response at all.
>>
>> The games are worth their money, and the suport on their games is
>> insanely long.
>>
>> VALVe still has and will continue to have my support.
>>
>> Saint K.
>> -Original Message-
>> From: hlds_linux-boun...@list.valvesoftware.com
>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan
>> Popp
>> Sent: dinsdag 18 augustus 2009 20:51
>> To: Half-Life dedicated Linux server mailing list
>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format
>> String Vulnerability
>>

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Evaldas Žilinskas]

I wouldn’t call COD2 a game without bugs. :) When did we see last update? Oh 
yes… 3 years ago. :-) And talking about Microsoft… Their support is quite 
interesting. You call, they tell you how to use your control panel, but when 
we go back to the part, when bugs and exploits must be fixed… They decide 
directly from air witch exploits must be fixed and witch will remain for 
ever to deal with. We have Windows Vista, everyone is crying, people are 
dying… and what? We will get new Windows product, witch will cost money. 
Vista will remain slow working with its bugs and other things people paid 
money for. Everyone has a politics to do their commercial. I don’t blame 
Valve…

Evaldas,
GameConnect, Lithuania
www.gameconnect.lt

- Original Message - 
From: "Stefan Popp" 
To: "Half-Life dedicated Linux server mailing list" 

Sent: Wednesday, August 19, 2009 12:59 AM
Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
Vulnerability


> Thats true ;)
>
> Best example: SAP =D
>
> Oliver Salzburg schrieb:
>> Well, some people just need 10 years to get their shit right...
>>
>> Evaldas Žilinskas wrote:
>>
>>> Oh… Show me other company that still supports 10 year old games like
>>> Half-Life, by providing community integration, Russian walk prevention 
>>> and
>>> exploit fixing updates? Maybe EA :-)? These things cost money and they 
>>> are
>>> not responsible because of some of dumb players, trying to use found 
>>> game
>>> exploits as a cheat or as a way to hack something. They do their best 
>>> and I’m
>>> sure about that. More customers you have, more exploits and bugs will be
>>> found. And… making a dialogue with everyone – it’s impossible. I own a
>>> company with only a few thousand customers and even then it’s hard to
>>> maintain everyone. How many customers VALVe has?
>>>
>>> players,
>>> server admins,
>>> source engine owners,
>>> third party mod developers,
>>> cybercafé owners,
>>> content resellers,
>>> steam store sellers…
>>>
>>> Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!
>>>
>>>
>>> Evaldas,
>>> GameConnect, Lithuania
>>> www.gameconnect.lt
>>>
>>>
>>> - Original Message - 
>>> From: "Stefan Popp" 
>>> To: "Half-Life dedicated Linux server mailing list"
>>> 
>>> Sent: Tuesday, August 18, 2009 10:37 PM
>>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
>>> String
>>> Vulnerability
>>>
>>>
>>>
>>>
 Wheres the point?

 Its their product, and they have to support the product. If i code any
 application and i wait 4 weeks (or more :P) until i fix anything for my
 customers, i can go directly to die.
 I never said valve didnt support their products, but the point is, how
 they do that. And the royal way of support is fast fixing of bugs, and
 if providing sdk's, updating the materials around. And currently i 
 think
 Valve makes bad support. Maybe, they kicked some programmers or
 somethin? But as customer i didnt care about their resources, i only
 care about theire reaction times if i got problems ;) or?

 Saint K. schrieb:


> Imo VALVe is still the only one who cares and interacts so much with
> their community. Yes they have their flaws, and they can be ugly at
> times, but hey, what other dev mails you straight away when you report 
> a
> bug to resolve it? So far this only happends to me with VALVe. From 
> other
> devs u should thank god on your knees to ever get any response at all.
>
> The games are worth their money, and the suport on their games is
> insanely long.
>
> VALVe still has and will continue to have my support.
>
> Saint K.
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan
> Popp
> Sent: dinsdag 18 augustus 2009 20:51
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format
> String Vulnerability
>
> The wish is currently present ;)
>
> Due a lot of stuff valve didnt managed the right way ;)
> 1. bad code and many ways to crash servers from client side
> 2. changing engine stuff without telling plugin developer about 
> changes
> or any new sdk's
> 3. no statements about this and a lot of other points ;)
>
> there are a lot of reasons why i wish to get my money back, but i 
> still
> hope that valve goes back to their roots and care about theire 
> community
> ;)
>
> Best regards,
> Stefan Popp
>
> Adam Nowacki schrieb:
>
>
>
>> You'd wish you never bought any Valve games the day this happens.
>>
>> Stefan Popp wrote:
>>
>>
>>
>>
>>> Sorry, but this must be corrected ;)
>>>
>>> -"Valve should start coding c++ with steams ;)"
>>> +"Valve shoul

Re: [hlds_linux] L4D forks keep crashing

[Oliver Salzburg]

Jay Deiman wrote:
> Ronny Schedel wrote:
>   
>> The crashes occur on a vanilla server.
>> 
>
> Yeah, I will second that (again).  It seems to be fairly random as well.
>
> Jay
Happens to me as well, but only on server that are in use.
I also have some forks that are private and have not been used lately.
So it's definitly not something that just happens at random but is
triggered during useage. Although I am unable to determine the cause.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Thats true ;)

Best example: SAP =D

Oliver Salzburg schrieb:
> Well, some people just need 10 years to get their shit right...
>
> Evaldas Žilinskas wrote:
>   
>> Oh… Show me other company that still supports 10 year old games like 
>> Half-Life, by providing community integration, Russian walk prevention and 
>> exploit fixing updates? Maybe EA :-)? These things cost money and they are 
>> not responsible because of some of dumb players, trying to use found game 
>> exploits as a cheat or as a way to hack something. They do their best and 
>> I’m 
>> sure about that. More customers you have, more exploits and bugs will be 
>> found. And… making a dialogue with everyone – it’s impossible. I own a 
>> company with only a few thousand customers and even then it’s hard to 
>> maintain everyone. How many customers VALVe has?
>>
>> players,
>> server admins,
>> source engine owners,
>> third party mod developers,
>> cybercafé owners,
>> content resellers,
>> steam store sellers…
>>
>> Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!
>>
>>
>> Evaldas,
>> GameConnect, Lithuania
>> www.gameconnect.lt
>>
>>
>> - Original Message - 
>> From: "Stefan Popp" 
>> To: "Half-Life dedicated Linux server mailing list" 
>> 
>> Sent: Tuesday, August 18, 2009 10:37 PM
>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
>> Vulnerability
>>
>>
>>   
>> 
>>> Wheres the point?
>>>
>>> Its their product, and they have to support the product. If i code any
>>> application and i wait 4 weeks (or more :P) until i fix anything for my
>>> customers, i can go directly to die.
>>> I never said valve didnt support their products, but the point is, how
>>> they do that. And the royal way of support is fast fixing of bugs, and
>>> if providing sdk's, updating the materials around. And currently i think
>>> Valve makes bad support. Maybe, they kicked some programmers or
>>> somethin? But as customer i didnt care about their resources, i only
>>> care about theire reaction times if i got problems ;) or?
>>>
>>> Saint K. schrieb:
>>> 
>>>   
 Imo VALVe is still the only one who cares and interacts so much with 
 their community. Yes they have their flaws, and they can be ugly at 
 times, but hey, what other dev mails you straight away when you report a 
 bug to resolve it? So far this only happends to me with VALVe. From other 
 devs u should thank god on your knees to ever get any response at all.

 The games are worth their money, and the suport on their games is 
 insanely long.

 VALVe still has and will continue to have my support.

 Saint K.
 -Original Message-
 From: hlds_linux-boun...@list.valvesoftware.com 
 [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan 
 Popp
 Sent: dinsdag 18 augustus 2009 20:51
 To: Half-Life dedicated Linux server mailing list
 Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
 String Vulnerability

 The wish is currently present ;)

 Due a lot of stuff valve didnt managed the right way ;)
 1. bad code and many ways to crash servers from client side
 2. changing engine stuff without telling plugin developer about changes
 or any new sdk's
 3. no statements about this and a lot of other points ;)

 there are a lot of reasons why i wish to get my money back, but i still
 hope that valve goes back to their roots and care about theire community 
 ;)

 Best regards,
 Stefan Popp

 Adam Nowacki schrieb:

   
 
> You'd wish you never bought any Valve games the day this happens.
>
> Stefan Popp wrote:
>
>
> 
>   
>> Sorry, but this must be corrected ;)
>>
>> -"Valve should start coding c++ with steams ;)"
>> +"Valve should start coding c++ with streams ;)"
>>
>> Best regards,
>> Stefan Popp
>>
>> Stefan Popp schrieb:
>>
>>
>>   
>> 
>>> Well,
>>>
>>> Valve should start coding c++ with steams ;)
>>> Who works with printfs today?
>>>
>>> I hope Valve will fix the whole source to prevent overflows.
>>> C++ is you friend, not old C stuff...
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>>
>>> Claudio Beretta schrieb:
>>>
>>>
>>>
>>> 
>>>   
 Thanks, anyone knows if a workaround is available?

 BTW: aren't "security researchers" supposed to contact the developers 
 before
 releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in 
 a few
 weeks -.-


 On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
 wrote:





   
 
> A friend forwarded me this in

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Oliver Salzburg]

Well, some people just need 10 years to get their shit right...

Evaldas Žilinskas wrote:
> Oh… Show me other company that still supports 10 year old games like 
> Half-Life, by providing community integration, Russian walk prevention and 
> exploit fixing updates? Maybe EA :-)? These things cost money and they are 
> not responsible because of some of dumb players, trying to use found game 
> exploits as a cheat or as a way to hack something. They do their best and I’m 
> sure about that. More customers you have, more exploits and bugs will be 
> found. And… making a dialogue with everyone – it’s impossible. I own a 
> company with only a few thousand customers and even then it’s hard to 
> maintain everyone. How many customers VALVe has?
>
> players,
> server admins,
> source engine owners,
> third party mod developers,
> cybercafé owners,
> content resellers,
> steam store sellers…
>
> Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!
>
>
> Evaldas,
> GameConnect, Lithuania
> www.gameconnect.lt
>
>
> - Original Message - 
> From: "Stefan Popp" 
> To: "Half-Life dedicated Linux server mailing list" 
> 
> Sent: Tuesday, August 18, 2009 10:37 PM
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
> Vulnerability
>
>
>   
>> Wheres the point?
>>
>> Its their product, and they have to support the product. If i code any
>> application and i wait 4 weeks (or more :P) until i fix anything for my
>> customers, i can go directly to die.
>> I never said valve didnt support their products, but the point is, how
>> they do that. And the royal way of support is fast fixing of bugs, and
>> if providing sdk's, updating the materials around. And currently i think
>> Valve makes bad support. Maybe, they kicked some programmers or
>> somethin? But as customer i didnt care about their resources, i only
>> care about theire reaction times if i got problems ;) or?
>>
>> Saint K. schrieb:
>> 
>>> Imo VALVe is still the only one who cares and interacts so much with 
>>> their community. Yes they have their flaws, and they can be ugly at 
>>> times, but hey, what other dev mails you straight away when you report a 
>>> bug to resolve it? So far this only happends to me with VALVe. From other 
>>> devs u should thank god on your knees to ever get any response at all.
>>>
>>> The games are worth their money, and the suport on their games is 
>>> insanely long.
>>>
>>> VALVe still has and will continue to have my support.
>>>
>>> Saint K.
>>> -Original Message-
>>> From: hlds_linux-boun...@list.valvesoftware.com 
>>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan 
>>> Popp
>>> Sent: dinsdag 18 augustus 2009 20:51
>>> To: Half-Life dedicated Linux server mailing list
>>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
>>> String Vulnerability
>>>
>>> The wish is currently present ;)
>>>
>>> Due a lot of stuff valve didnt managed the right way ;)
>>> 1. bad code and many ways to crash servers from client side
>>> 2. changing engine stuff without telling plugin developer about changes
>>> or any new sdk's
>>> 3. no statements about this and a lot of other points ;)
>>>
>>> there are a lot of reasons why i wish to get my money back, but i still
>>> hope that valve goes back to their roots and care about theire community 
>>> ;)
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>> Adam Nowacki schrieb:
>>>
>>>   
 You'd wish you never bought any Valve games the day this happens.

 Stefan Popp wrote:


 
> Sorry, but this must be corrected ;)
>
> -"Valve should start coding c++ with steams ;)"
> +"Valve should start coding c++ with streams ;)"
>
> Best regards,
> Stefan Popp
>
> Stefan Popp schrieb:
>
>
>   
>> Well,
>>
>> Valve should start coding c++ with steams ;)
>> Who works with printfs today?
>>
>> I hope Valve will fix the whole source to prevent overflows.
>> C++ is you friend, not old C stuff...
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Claudio Beretta schrieb:
>>
>>
>>
>> 
>>> Thanks, anyone knows if a workaround is available?
>>>
>>> BTW: aren't "security researchers" supposed to contact the developers 
>>> before
>>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in 
>>> a few
>>> weeks -.-
>>>
>>>
>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
>>> wrote:
>>>
>>>
>>>
>>>
>>>
>>>   
 A friend forwarded me this info regarding a vulnerability.  I am 
 unable to
 test this at the moment, but it does look like it is possible. 
 Thought I
 would get this out to the community before others start using this 
 to cause
 havoc.

  http://www.vupen.com/english/advisories/2009/2296
 

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Oliver Salzburg]

If you have problems distributing a C++ application that is build
against standardized parts of C++, then you must be doing something
wrong, my friend.
If you have so many linkage problems, try linking statically.
If you already have problems on a source level, the preprocessor
is your friend.

And I also notice that some people on this thread seem to confuse
the STL and the C++ runtime a lot. That is quite confusing.
If the portability of the STL is actually the problem you could
always use STLPort.

I would assume that a program written in C might be more portable
than if it was written in C++. But it is of course a tradeoff.
Cause above mentioned streams will take a lot off your hands, for
the price of possibly consuming more resources. But you also
don't have to care about buffer sizes.

And nobody is stopping you from using printf in a C++ program anyway.
So this really is not so much about C vs C++ than it is about
programming practices.
One way or another. If you have allocated 1024 bytes for a buffer,
don't write 1025...

Saul Rennison wrote:
> I never said there was an issue compiling it. You will find that other  
> systems use different library versions for STL, surprisingly, and  
> cause linkage issues. I know this as I've tried distributing C++  
> Windows / Linux apps which use STL and it's a headache. I'm only  
> talking from first hand experiance.
>
> With Windows as I'm sure you'll know, STL is held in msvc8.dll (can't  
> remember the exact name) or maybe in CRT, I'm unsure, but that DLL is  
> distributed with your application and everyone uses the same binary.  
> In Windows, that is. In Linux it's a whole different story.
>
> Thanks,
> - Saul.
>
> On 18 Aug 2009, at 22:23, Stefan Popp  wrote:
>
>   
>> Sry, are you serious? I mean, are you serious?
>> STL = Standard template library
>>
>> You are serious we are talking 100% that?
>> If you really mean its not portable, you should buy a book about C++.
>>
>> For myself i prefer "Bjarne Stroustrup's C++"
>> STL is a part of C++. Every C++ compiler should understand it, because
>> STL is a standard part of C++ since 1993!
>> Which compiler did you use, that makes so many problems to port you're
>> application to other linux dist. or other operating systems?
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Saul Rennison schrieb
>> 
>>> If you knew anything about C++ you'd understand how unportable STL is
>>> across various Linux distributions, and how impossible it is to
>>> statically link it into the code.
>>>
>>> Thanks,
>>> - Saul.
>>>
>>> On 18 Aug 2009, at 21:03, Stefan Popp  wrote:
>>>
>>>
>>>   
 Thats not right ;)

 The programming language is the problem in this case. Why should i
 write
 my code with functions that shouldnt be used with C++?
 C++ works with the stdlib, which means streams. Not C stuff. So its
 finally up to Valve to write programs which follows C++ standards
 not C.
 You cant trust your users as programmer. Its up to us, to make the
 source safe, and if the projecttime needs 2 weeks more, you should
 spend
 the time.


 Ronny Schedel schrieb:

 
> The problem is not the programming language, the problem is that
> Valve trust
> their game clients too much.
>
>
>
>
>   
>> Well,
>>
>> Valve should start coding c++ with steams ;)
>> Who works with printfs today?
>>
>> I hope Valve will fix the whole source to prevent overflows.
>> C++ is you friend, not old C stuff...
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Claudio Beretta schrieb:
>>
>>
>> 
>>> Thanks, anyone knows if a workaround is available?
>>>
>>> BTW: aren't "security researchers" supposed to contact the
>>> developers
>>> before
>>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi
>>> in a
>>> few
>>> weeks -.-
>>>
>>>
>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes >>
>>> wrote:
>>>
>>>
>>>
>>>
>>>   
 A friend forwarded me this info regarding a vulnerability.  I am
 unable
 to
 test this at the moment, but it does look like it is possible.
 Thought
 I
 would get this out to the community before others start using
 this to
 cause
 havoc.

 http://www.vupen.com/english/advisories/2009/2296
 http://aluigi.altervista.org/adv/sourcefs-adv.txt

 Morgan Humes
 ___
 To unsubscribe, edit your list preferences, or view the list
 archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux




 
>>> ___
>>> To unsubscribe, edit your li

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Company == Support

Its non-sense how many users you have. Look at Mircrosoft or anyone 
else. Small, medium, big... makes no sense for the costumer. If i make a 
product, i have to support it.
If the "EULA" doesnt contain anything about support expiration, i call 
the support all time i need it.

If i have to pay for support, why not? I have no problems to give some 
dollars to a company for helping me ;)
But i hate if anyone saying "uuhh, support cost so much :x". If you 
hasnt the resource to support your own project, leave it ;)
And yeah, i know a lot of companys which supports their products for 
over 10 years, without any question. Thats what we call "quality 
management 
" in germany.
Not the price is relevant for me, its the ethic behind a product. How i 
ship a product, how i support and how i take care about my customers ;)
I pay hundreds of euros per year for support of my IDE licenses and 
stuff around my IDE, server managment etc. And i will still pay the next 
3 centurys for it if the support is good!

Best regards,
Stefan Popp

Evaldas Žilinskas schrieb:
> Oh… Show me other company that still supports 10 year old games like 
> Half-Life, by providing community integration, Russian walk prevention and 
> exploit fixing updates? Maybe EA :-)? These things cost money and they are 
> not responsible because of some of dumb players, trying to use found game 
> exploits as a cheat or as a way to hack something. They do their best and I’m 
> sure about that. More customers you have, more exploits and bugs will be 
> found. And… making a dialogue with everyone – it’s impossible. I own a 
> company with only a few thousand customers and even then it’s hard to 
> maintain everyone. How many customers VALVe has?
>
> players,
> server admins,
> source engine owners,
> third party mod developers,
> cybercafé owners,
> content resellers,
> steam store sellers…
>
> Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!
>
>
> Evaldas,
> GameConnect, Lithuania
> www.gameconnect.lt
>
>
> - Original Message - 
> From: "Stefan Popp" 
> To: "Half-Life dedicated Linux server mailing list" 
> 
> Sent: Tuesday, August 18, 2009 10:37 PM
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
> Vulnerability
>
>
>   
>> Wheres the point?
>>
>> Its their product, and they have to support the product. If i code any
>> application and i wait 4 weeks (or more :P) until i fix anything for my
>> customers, i can go directly to die.
>> I never said valve didnt support their products, but the point is, how
>> they do that. And the royal way of support is fast fixing of bugs, and
>> if providing sdk's, updating the materials around. And currently i think
>> Valve makes bad support. Maybe, they kicked some programmers or
>> somethin? But as customer i didnt care about their resources, i only
>> care about theire reaction times if i got problems ;) or?
>>
>> Saint K. schrieb:
>> 
>>> Imo VALVe is still the only one who cares and interacts so much with 
>>> their community. Yes they have their flaws, and they can be ugly at 
>>> times, but hey, what other dev mails you straight away when you report a 
>>> bug to resolve it? So far this only happends to me with VALVe. From other 
>>> devs u should thank god on your knees to ever get any response at all.
>>>
>>> The games are worth their money, and the suport on their games is 
>>> insanely long.
>>>
>>> VALVe still has and will continue to have my support.
>>>
>>> Saint K.
>>> -Original Message-
>>> From: hlds_linux-boun...@list.valvesoftware.com 
>>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan 
>>> Popp
>>> Sent: dinsdag 18 augustus 2009 20:51
>>> To: Half-Life dedicated Linux server mailing list
>>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
>>> String Vulnerability
>>>
>>> The wish is currently present ;)
>>>
>>> Due a lot of stuff valve didnt managed the right way ;)
>>> 1. bad code and many ways to crash servers from client side
>>> 2. changing engine stuff without telling plugin developer about changes
>>> or any new sdk's
>>> 3. no statements about this and a lot of other points ;)
>>>
>>> there are a lot of reasons why i wish to get my money back, but i still
>>> hope that valve goes back to their roots and care about theire community 
>>> ;)
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>> Adam Nowacki schrieb:
>>>
>>>   
 You'd wish you never bought any Valve games the day this happens.

 Stefan Popp wrote:


 
> Sorry, but this must be corrected ;)
>
> -"Valve should start coding c++ with steams ;)"
> +"Valve should start coding c++ with streams ;)"
>
> Best regards,
> Stefan Popp
>
> Stefan Popp schrieb:
>
>
>   
>> Well,
>>
>> Valve should start coding c++ with steams ;)
>> Who works with printfs 

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Evaldas Žilinskas]

Oh… Show me other company that still supports 10 year old games like 
Half-Life, by providing community integration, Russian walk prevention and 
exploit fixing updates? Maybe EA :-)? These things cost money and they are 
not responsible because of some of dumb players, trying to use found game 
exploits as a cheat or as a way to hack something. They do their best and I’m 
sure about that. More customers you have, more exploits and bugs will be 
found. And… making a dialogue with everyone – it’s impossible. I own a 
company with only a few thousand customers and even then it’s hard to 
maintain everyone. How many customers VALVe has?

players,
server admins,
source engine owners,
third party mod developers,
cybercafé owners,
content resellers,
steam store sellers…

Hey Alfred, I’ve found a bug, answer me! Believe me – NOT so easy!


Evaldas,
GameConnect, Lithuania
www.gameconnect.lt


- Original Message - 
From: "Stefan Popp" 
To: "Half-Life dedicated Linux server mailing list" 

Sent: Tuesday, August 18, 2009 10:37 PM
Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
Vulnerability


> Wheres the point?
>
> Its their product, and they have to support the product. If i code any
> application and i wait 4 weeks (or more :P) until i fix anything for my
> customers, i can go directly to die.
> I never said valve didnt support their products, but the point is, how
> they do that. And the royal way of support is fast fixing of bugs, and
> if providing sdk's, updating the materials around. And currently i think
> Valve makes bad support. Maybe, they kicked some programmers or
> somethin? But as customer i didnt care about their resources, i only
> care about theire reaction times if i got problems ;) or?
>
> Saint K. schrieb:
>> Imo VALVe is still the only one who cares and interacts so much with 
>> their community. Yes they have their flaws, and they can be ugly at 
>> times, but hey, what other dev mails you straight away when you report a 
>> bug to resolve it? So far this only happends to me with VALVe. From other 
>> devs u should thank god on your knees to ever get any response at all.
>>
>> The games are worth their money, and the suport on their games is 
>> insanely long.
>>
>> VALVe still has and will continue to have my support.
>>
>> Saint K.
>> -Original Message-
>> From: hlds_linux-boun...@list.valvesoftware.com 
>> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan 
>> Popp
>> Sent: dinsdag 18 augustus 2009 20:51
>> To: Half-Life dedicated Linux server mailing list
>> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format 
>> String Vulnerability
>>
>> The wish is currently present ;)
>>
>> Due a lot of stuff valve didnt managed the right way ;)
>> 1. bad code and many ways to crash servers from client side
>> 2. changing engine stuff without telling plugin developer about changes
>> or any new sdk's
>> 3. no statements about this and a lot of other points ;)
>>
>> there are a lot of reasons why i wish to get my money back, but i still
>> hope that valve goes back to their roots and care about theire community 
>> ;)
>>
>> Best regards,
>> Stefan Popp
>>
>> Adam Nowacki schrieb:
>>
>>> You'd wish you never bought any Valve games the day this happens.
>>>
>>> Stefan Popp wrote:
>>>
>>>
 Sorry, but this must be corrected ;)

 -"Valve should start coding c++ with steams ;)"
 +"Valve should start coding c++ with streams ;)"

 Best regards,
 Stefan Popp

 Stefan Popp schrieb:


> Well,
>
> Valve should start coding c++ with steams ;)
> Who works with printfs today?
>
> I hope Valve will fix the whole source to prevent overflows.
> C++ is you friend, not old C stuff...
>
> Best regards,
> Stefan Popp
>
>
> Claudio Beretta schrieb:
>
>
>
>> Thanks, anyone knows if a workaround is available?
>>
>> BTW: aren't "security researchers" supposed to contact the developers 
>> before
>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in 
>> a few
>> weeks -.-
>>
>>
>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
>> wrote:
>>
>>
>>
>>
>>
>>> A friend forwarded me this info regarding a vulnerability.  I am 
>>> unable to
>>> test this at the moment, but it does look like it is possible. 
>>> Thought I
>>> would get this out to the community before others start using this 
>>> to cause
>>> havoc.
>>>
>>>  http://www.vupen.com/english/advisories/2009/2296
>>>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>>
>>> Morgan Humes
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list 
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>>
>>>
>>>
>> 

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Well,

sometimes i got some problems with librarys, but with some tweaks my 
stuff works to 95% on every linux machine. I dont know how you code and 
compile static stuff,
but my/our programs works fine for over 35k customers ;)

Best regards,
Stefan Popp

Saul Rennison schrieb:
> Using STL in open-source projects is fine as the system can compile  
> binaries which link into their libraries. With closed source however,  
> you are distributing binaries which link with libraries on YOUR  
> machine, which may not be the same on others.
>
> Thanks,
> - Saul.
>
> On 18 Aug 2009, at 22:23, Stefan Popp  wrote:
>
>   
>> Sry, are you serious? I mean, are you serious?
>> STL = Standard template library
>>
>> You are serious we are talking 100% that?
>> If you really mean its not portable, you should buy a book about C++.
>>
>> For myself i prefer "Bjarne Stroustrup's C++"
>> STL is a part of C++. Every C++ compiler should understand it, because
>> STL is a standard part of C++ since 1993!
>> Which compiler did you use, that makes so many problems to port you're
>> application to other linux dist. or other operating systems?
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Saul Rennison schrieb
>> 
>>> If you knew anything about C++ you'd understand how unportable STL is
>>> across various Linux distributions, and how impossible it is to
>>> statically link it into the code.
>>>
>>> Thanks,
>>> - Saul.
>>>
>>> On 18 Aug 2009, at 21:03, Stefan Popp  wrote:
>>>
>>>
>>>   
 Thats not right ;)

 The programming language is the problem in this case. Why should i
 write
 my code with functions that shouldnt be used with C++?
 C++ works with the stdlib, which means streams. Not C stuff. So its
 finally up to Valve to write programs which follows C++ standards
 not C.
 You cant trust your users as programmer. Its up to us, to make the
 source safe, and if the projecttime needs 2 weeks more, you should
 spend
 the time.


 Ronny Schedel schrieb:

 
> The problem is not the programming language, the problem is that
> Valve trust
> their game clients too much.
>
>
>
>
>   
>> Well,
>>
>> Valve should start coding c++ with steams ;)
>> Who works with printfs today?
>>
>> I hope Valve will fix the whole source to prevent overflows.
>> C++ is you friend, not old C stuff...
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Claudio Beretta schrieb:
>>
>>
>> 
>>> Thanks, anyone knows if a workaround is available?
>>>
>>> BTW: aren't "security researchers" supposed to contact the
>>> developers
>>> before
>>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi
>>> in a
>>> few
>>> weeks -.-
>>>
>>>
>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes >>
>>> wrote:
>>>
>>>
>>>
>>>
>>>   
 A friend forwarded me this info regarding a vulnerability.  I am
 unable
 to
 test this at the moment, but it does look like it is possible.
 Thought
 I
 would get this out to the community before others start using
 this to
 cause
 havoc.

 http://www.vupen.com/english/advisories/2009/2296
 http://aluigi.altervista.org/adv/sourcefs-adv.txt

 Morgan Humes
 ___
 To unsubscribe, edit your list preferences, or view the list
 archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux




 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>>
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list
>> archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>>
>> 
> ___
> To unsubscribe, edit your list preferences, or view the list
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>   
 ___
 To unsubscribe, edit your list preferences, or view the list
 archives, please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list  
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_l

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Saul Rennison]

Using STL in open-source projects is fine as the system can compile  
binaries which link into their libraries. With closed source however,  
you are distributing binaries which link with libraries on YOUR  
machine, which may not be the same on others.

Thanks,
- Saul.

On 18 Aug 2009, at 22:23, Stefan Popp  wrote:

> Sry, are you serious? I mean, are you serious?
> STL = Standard template library
>
> You are serious we are talking 100% that?
> If you really mean its not portable, you should buy a book about C++.
>
> For myself i prefer "Bjarne Stroustrup's C++"
> STL is a part of C++. Every C++ compiler should understand it, because
> STL is a standard part of C++ since 1993!
> Which compiler did you use, that makes so many problems to port you're
> application to other linux dist. or other operating systems?
>
> Best regards,
> Stefan Popp
>
>
> Saul Rennison schrieb
>> If you knew anything about C++ you'd understand how unportable STL is
>> across various Linux distributions, and how impossible it is to
>> statically link it into the code.
>>
>> Thanks,
>> - Saul.
>>
>> On 18 Aug 2009, at 21:03, Stefan Popp  wrote:
>>
>>
>>> Thats not right ;)
>>>
>>> The programming language is the problem in this case. Why should i
>>> write
>>> my code with functions that shouldnt be used with C++?
>>> C++ works with the stdlib, which means streams. Not C stuff. So its
>>> finally up to Valve to write programs which follows C++ standards
>>> not C.
>>> You cant trust your users as programmer. Its up to us, to make the
>>> source safe, and if the projecttime needs 2 weeks more, you should
>>> spend
>>> the time.
>>>
>>>
>>> Ronny Schedel schrieb:
>>>
 The problem is not the programming language, the problem is that
 Valve trust
 their game clients too much.




> Well,
>
> Valve should start coding c++ with steams ;)
> Who works with printfs today?
>
> I hope Valve will fix the whole source to prevent overflows.
> C++ is you friend, not old C stuff...
>
> Best regards,
> Stefan Popp
>
>
> Claudio Beretta schrieb:
>
>
>> Thanks, anyone knows if a workaround is available?
>>
>> BTW: aren't "security researchers" supposed to contact the
>> developers
>> before
>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi
>> in a
>> few
>> weeks -.-
>>
>>
>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes >
>> wrote:
>>
>>
>>
>>
>>> A friend forwarded me this info regarding a vulnerability.  I am
>>> unable
>>> to
>>> test this at the moment, but it does look like it is possible.
>>> Thought
>>> I
>>> would get this out to the community before others start using
>>> this to
>>> cause
>>> havoc.
>>>
>>> http://www.vupen.com/english/advisories/2009/2296
>>> http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>>
>>> Morgan Humes
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>>
>>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list
>> archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>>
> ___
> To unsubscribe, edit your list preferences, or view the list
> archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
 ___
 To unsubscribe, edit your list preferences, or view the list
 archives, please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list  
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Saul Rennison]

I never said there was an issue compiling it. You will find that other  
systems use different library versions for STL, surprisingly, and  
cause linkage issues. I know this as I've tried distributing C++  
Windows / Linux apps which use STL and it's a headache. I'm only  
talking from first hand experiance.

With Windows as I'm sure you'll know, STL is held in msvc8.dll (can't  
remember the exact name) or maybe in CRT, I'm unsure, but that DLL is  
distributed with your application and everyone uses the same binary.  
In Windows, that is. In Linux it's a whole different story.

Thanks,
- Saul.

On 18 Aug 2009, at 22:23, Stefan Popp  wrote:

> Sry, are you serious? I mean, are you serious?
> STL = Standard template library
>
> You are serious we are talking 100% that?
> If you really mean its not portable, you should buy a book about C++.
>
> For myself i prefer "Bjarne Stroustrup's C++"
> STL is a part of C++. Every C++ compiler should understand it, because
> STL is a standard part of C++ since 1993!
> Which compiler did you use, that makes so many problems to port you're
> application to other linux dist. or other operating systems?
>
> Best regards,
> Stefan Popp
>
>
> Saul Rennison schrieb
>> If you knew anything about C++ you'd understand how unportable STL is
>> across various Linux distributions, and how impossible it is to
>> statically link it into the code.
>>
>> Thanks,
>> - Saul.
>>
>> On 18 Aug 2009, at 21:03, Stefan Popp  wrote:
>>
>>
>>> Thats not right ;)
>>>
>>> The programming language is the problem in this case. Why should i
>>> write
>>> my code with functions that shouldnt be used with C++?
>>> C++ works with the stdlib, which means streams. Not C stuff. So its
>>> finally up to Valve to write programs which follows C++ standards
>>> not C.
>>> You cant trust your users as programmer. Its up to us, to make the
>>> source safe, and if the projecttime needs 2 weeks more, you should
>>> spend
>>> the time.
>>>
>>>
>>> Ronny Schedel schrieb:
>>>
 The problem is not the programming language, the problem is that
 Valve trust
 their game clients too much.




> Well,
>
> Valve should start coding c++ with steams ;)
> Who works with printfs today?
>
> I hope Valve will fix the whole source to prevent overflows.
> C++ is you friend, not old C stuff...
>
> Best regards,
> Stefan Popp
>
>
> Claudio Beretta schrieb:
>
>
>> Thanks, anyone knows if a workaround is available?
>>
>> BTW: aren't "security researchers" supposed to contact the
>> developers
>> before
>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi
>> in a
>> few
>> weeks -.-
>>
>>
>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes >
>> wrote:
>>
>>
>>
>>
>>> A friend forwarded me this info regarding a vulnerability.  I am
>>> unable
>>> to
>>> test this at the moment, but it does look like it is possible.
>>> Thought
>>> I
>>> would get this out to the community before others start using
>>> this to
>>> cause
>>> havoc.
>>>
>>> http://www.vupen.com/english/advisories/2009/2296
>>> http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>>
>>> Morgan Humes
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>>
>>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list
>> archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>>
> ___
> To unsubscribe, edit your list preferences, or view the list
> archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
 ___
 To unsubscribe, edit your list preferences, or view the list
 archives, please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list  
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list pref

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Darren M]

While trivial for someone who knows what they are doing to edit the
code, rebuild and most likely bypass this, the following iptables rule
will drop the exploit as provided for me (tested on a hl2 deathmatch
and cstrike:source server)

# log it
 iptables -A INPUT -p udp --dport 27015 -m string --hex-string
"|dc4adc4adc4adc4adc4a|" --algo bm -j LOG --log-level info --log-prefix
"Valve Disconnect DoS :: "

# drop it
 iptables -A INPUT -p udp --dport 27015 -m string
--hex-string "|dc4adc4adc4adc4adc4a|" --algo bm -j DROP

If you've got someone being cute and DoS'ing your machine over and over
with the same packets you can use this approach to block it pretty
easily.

If the above isn't working and you suspect the packets are not the
default from the provided website/exploit info, you can find the packet
that matches by starting the server, then running strace against it
until it crashes, then tailing the output file (4225 being an example
pid here)

 strace -f -v -s 5000 -o server.strace.txt -xx -p 4225

Once the server crashes, strace should exit (ctrl+C out otherwise) and
look at the last few lines before the segfault:

 tail server.strace.txt

You should see something like the following:

649   gettimeofday({1250624185, 558633}, NULL) = 0
649   recvfrom(4,
"\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\xc8\x59\x80\x52\x31\xc6\xf6\x95\xe6\x46\x57\x26\x07\xf7\xe5\x06\x37\x36\x07\x00\x03\x30\xc6\xf6\x95\xe6\x46\x57\x26\x07\xf7\xc6\x16\x46\x57\x06\x10\x03\x30\xc6\xf6\x05\x27\x57\x46\x96\x36\x46\x07\x10\x03\x30\xc6\xf6\x95\xe6\x46\x57\x26\x07\xf7\x25\x17\x46\x97\xf6\x06\x20\x03\x30\xc6\xf6\x45\x57\x16\xd6\x06\x40\x56\x66\x16\x56\xc7\x46\x07\x30\xc6\xf6\x35\xc6\x16\x36\x37\x07\x40\x56\x66\x16\x56\xc7\x46\x07\x50\xe6\x76\xc6\x96\x36\x87\x06\x10\x03\x30\xc6\xf6\x05\x27\x57\x46\x96\x36\x46\x77\x57\x16\x06\xf7\xe6\x36\x07\x10\x03\x30\xc6\xf6\xc5\x16\x76\x36\xf6\xd6\x06\x57\xe6\x36\x17\x46\x97\xf6\xe6\x06\x10\x03\x30\xc6\xf6\x15\x56\x47\xf7\x76\x57\x06\x37\x77\x97\x46\x37\x86\x06\x10\x03\x30\xc6\xf6\x15\x56\x47\xf7\x86\x56\xc6\x06\x07\x10\x03\x30\xc6\xf6\x35\x07\x57\x36\xf6\xd5\xf6\x46\x56\x06\x50\x03\x60\xf7\x96\x36\x56\xf6\xc5\xf6\xf6\x06\x27\x16\x36\xb6\x06\x00\x03\x30\xc6\xf6\x95\xe6\x46\x57\x26\x07\x07\x00\xe3\x02\x23\x03\x30\xc6\xf6\x36\x57\x36\x16\x06\x47\x97\xf6\xe6\x06\x00\x03\x30\xc6\xf6\xc5\x16\xe6\x76\x56\x17\x76\x56\x06\x50\xe6\x76\xc6\x96\x36\x87\x06\x40\x67\xf7\xe5\xf6\x36\x86\x16\x46\x07\x00\x03\x30\xc6\xf6\x55\x07\x47\x16\x46\x57\x26\x17\x46\x57\x06\x10\x03\x03\x03\x30\xc6\xf6\x35\xd6\x46\x26\x17\x46\x57\x06\x10\x03\x03\x03\x20\x17\x46\x57\x06\x20\x03\x03\x03\x03\x03\xe0\x16\xd6\x56\x06\x50\xe7\xe6\x16\xd6\x56\x46\x06\x10\x4a\xe6\x4a\xe6\x4a\xe6\x4a\xe6\x4a\xe6\x4a\xdc\x4a\xdc\x4a\xdc\x4a\xdc\x4a\xdc\x4a\xdc\x00\x00",
96016, 0, {sa_family=AF_INET, sin_port=htons(4966),
sin_addr=inet_addr("12.34.56.78")}, [16]) = 372
649   --- SIGSEGV (Segmentation fault) @ 0 (0) ---
661   +++ killed by SIGSEGV +++

I just chose a little bit from the end of the received bad to match
after verifying it was always the same data.

Hopefully this is fixed soon though since it should be a super easy fix
and this sort of hackery is far from optimal.

~Darren


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] L4D forks keep crashing

[Jay Deiman]

Ronny Schedel wrote:
> The crashes occur on a vanilla server.

Yeah, I will second that (again).  It seems to be fairly random as well.

Jay

-- 
Jay Deiman

\033:wq!

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Sry, are you serious? I mean, are you serious?
STL = Standard template library

You are serious we are talking 100% that?
If you really mean its not portable, you should buy a book about C++.

For myself i prefer "Bjarne Stroustrup's C++"
STL is a part of C++. Every C++ compiler should understand it, because 
STL is a standard part of C++ since 1993!
Which compiler did you use, that makes so many problems to port you're 
application to other linux dist. or other operating systems?

Best regards,
Stefan Popp


Saul Rennison schrieb
> If you knew anything about C++ you'd understand how unportable STL is  
> across various Linux distributions, and how impossible it is to  
> statically link it into the code.
>
> Thanks,
> - Saul.
>
> On 18 Aug 2009, at 21:03, Stefan Popp  wrote:
>
>   
>> Thats not right ;)
>>
>> The programming language is the problem in this case. Why should i  
>> write
>> my code with functions that shouldnt be used with C++?
>> C++ works with the stdlib, which means streams. Not C stuff. So its
>> finally up to Valve to write programs which follows C++ standards  
>> not C.
>> You cant trust your users as programmer. Its up to us, to make the
>> source safe, and if the projecttime needs 2 weeks more, you should  
>> spend
>> the time.
>>
>>
>> Ronny Schedel schrieb:
>> 
>>> The problem is not the programming language, the problem is that  
>>> Valve trust
>>> their game clients too much.
>>>
>>>
>>>
>>>   
 Well,

 Valve should start coding c++ with steams ;)
 Who works with printfs today?

 I hope Valve will fix the whole source to prevent overflows.
 C++ is you friend, not old C stuff...

 Best regards,
 Stefan Popp


 Claudio Beretta schrieb:

 
> Thanks, anyone knows if a workaround is available?
>
> BTW: aren't "security researchers" supposed to contact the  
> developers
> before
> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi  
> in a
> few
> weeks -.-
>
>
> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes    
> wrote:
>
>
>
>   
>> A friend forwarded me this info regarding a vulnerability.  I am  
>> unable
>> to
>> test this at the moment, but it does look like it is possible.   
>> Thought
>> I
>> would get this out to the community before others start using  
>> this to
>> cause
>> havoc.
>>
>> http://www.vupen.com/english/advisories/2009/2296
>> http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>
>> Morgan Humes
>> ___
>> To unsubscribe, edit your list preferences, or view the list  
>> archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>>
>> 
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>   
 ___
 To unsubscribe, edit your list preferences, or view the list  
 archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list  
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list  
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> 
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Saul Rennison]

Didn't they use ASM (at least in the Source Engine leak, but that's  
very outdated, not to mentioned possibly illegal) for the Sound Engine  
and parts of mathlib?

Thanks,
- Saul.

On 18 Aug 2009, at 21:53, Gary Stanley   
wrote:

> At 03:36 PM 8/18/2009, Ronny Schedel wrote:
>
>> It's not forbidden to mix diffent programming languages, I am sure  
>> they also
>> use Assembler codes. The problem can also occur in C++, because  
>> they trust
>> the client that it sends a valid string, but it can send anything.
>
>
> They only use assembly code to in startup to get the CPU MHZ via 2
> calls to rdtsc.
>
>
>
>
>>> Thats not right ;)
>>>
>>> The programming language is the problem in this case. Why should i  
>>> write
>>> my code with functions that shouldnt be used with C++?
>>> C++ works with the stdlib, which means streams. Not C stuff. So its
>>> finally up to Valve to write programs which follows C++ standards  
>>> not C.
>>> You cant trust your users as programmer. Its up to us, to make the
>>> source safe, and if the projecttime needs 2 weeks more, you should  
>>> spend
>>> the time.
>>>
>>>
>>> Ronny Schedel schrieb:
 The problem is not the programming language, the problem is that  
 Valve
 trust
 their game clients too much.



> Well,
>
> Valve should start coding c++ with steams ;)
> Who works with printfs today?
>
> I hope Valve will fix the whole source to prevent overflows.
> C++ is you friend, not old C stuff...
>
> Best regards,
> Stefan Popp
>
>
> Claudio Beretta schrieb:
>
>> Thanks, anyone knows if a workaround is available?
>>
>> BTW: aren't "security researchers" supposed to contact the  
>> developers
>> before
>> releasing 0-day exploits?This is the 2nd 0-day exploy from  
>> aluigi in a
>> few
>> weeks -.-
>>
>>
>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes > >
>> wrote:
>>
>>
>>
>>> A friend forwarded me this info regarding a vulnerability.  I am
>>> unable
>>> to
>>> test this at the moment, but it does look like it is possible.
>>> Thought
>>> I
>>> would get this out to the community before others start using  
>>> this to
>>> cause
>>> havoc.
>>>
>>> http://www.vupen.com/english/advisories/2009/2296
>>> http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>>
>>> Morgan Humes
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list  
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list  
>> archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>


 ___
 To unsubscribe, edit your list preferences, or view the list  
 archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

>>>
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list  
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Marcel]

Ronny Schedel wrote:
> The problem is not the programming language, the problem is that Valve trust 
> their game clients too much.


Glad you haven't seen any code from Korean MMORPGs ;)

marcel

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Saul Rennison]

If you knew anything about C++ you'd understand how unportable STL is  
across various Linux distributions, and how impossible it is to  
statically link it into the code.

Thanks,
- Saul.

On 18 Aug 2009, at 21:03, Stefan Popp  wrote:

> Thats not right ;)
>
> The programming language is the problem in this case. Why should i  
> write
> my code with functions that shouldnt be used with C++?
> C++ works with the stdlib, which means streams. Not C stuff. So its
> finally up to Valve to write programs which follows C++ standards  
> not C.
> You cant trust your users as programmer. Its up to us, to make the
> source safe, and if the projecttime needs 2 weeks more, you should  
> spend
> the time.
>
>
> Ronny Schedel schrieb:
>> The problem is not the programming language, the problem is that  
>> Valve trust
>> their game clients too much.
>>
>>
>>
>>> Well,
>>>
>>> Valve should start coding c++ with steams ;)
>>> Who works with printfs today?
>>>
>>> I hope Valve will fix the whole source to prevent overflows.
>>> C++ is you friend, not old C stuff...
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>>
>>> Claudio Beretta schrieb:
>>>
 Thanks, anyone knows if a workaround is available?

 BTW: aren't "security researchers" supposed to contact the  
 developers
 before
 releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi  
 in a
 few
 weeks -.-


 On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes >>> >
 wrote:



> A friend forwarded me this info regarding a vulnerability.  I am  
> unable
> to
> test this at the moment, but it does look like it is possible.   
> Thought
> I
> would get this out to the community before others start using  
> this to
> cause
> havoc.
>
> http://www.vupen.com/english/advisories/2009/2296
> http://aluigi.altervista.org/adv/sourcefs-adv.txt
>
> Morgan Humes
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
 ___
 To unsubscribe, edit your list preferences, or view the list  
 archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


>>> ___
>>> To unsubscribe, edit your list preferences, or view the list  
>>> archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list  
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list  
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Gary Stanley]

At 03:36 PM 8/18/2009, Ronny Schedel wrote:

>It's not forbidden to mix diffent programming languages, I am sure they also
>use Assembler codes. The problem can also occur in C++, because they trust
>the client that it sends a valid string, but it can send anything.


They only use assembly code to in startup to get the CPU MHZ via 2 
calls to rdtsc.




> > Thats not right ;)
> >
> > The programming language is the problem in this case. Why should i write
> > my code with functions that shouldnt be used with C++?
> > C++ works with the stdlib, which means streams. Not C stuff. So its
> > finally up to Valve to write programs which follows C++ standards not C.
> > You cant trust your users as programmer. Its up to us, to make the
> > source safe, and if the projecttime needs 2 weeks more, you should spend
> > the time.
> >
> >
> > Ronny Schedel schrieb:
> >> The problem is not the programming language, the problem is that Valve
> >> trust
> >> their game clients too much.
> >>
> >>
> >>
> >>> Well,
> >>>
> >>> Valve should start coding c++ with steams ;)
> >>> Who works with printfs today?
> >>>
> >>> I hope Valve will fix the whole source to prevent overflows.
> >>> C++ is you friend, not old C stuff...
> >>>
> >>> Best regards,
> >>> Stefan Popp
> >>>
> >>>
> >>> Claudio Beretta schrieb:
> >>>
>  Thanks, anyone knows if a workaround is available?
> 
>  BTW: aren't "security researchers" supposed to contact the developers
>  before
>  releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a
>  few
>  weeks -.-
> 
> 
>  On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes 
>  wrote:
> 
> 
> 
> > A friend forwarded me this info regarding a vulnerability.  I am
> > unable
> > to
> > test this at the moment, but it does look like it is possible.
> > Thought
> > I
> > would get this out to the community before others start using this to
> > cause
> > havoc.
> >
> >  http://www.vupen.com/english/advisories/2009/2296
> >  http://aluigi.altervista.org/adv/sourcefs-adv.txt
> >
> > Morgan Humes
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> >
>  ___
>  To unsubscribe, edit your list preferences, or view the list archives,
>  please visit:
>  http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 
> 
> >>> ___
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>> please visit:
> >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>>
> >>>
> >>
> >>
> >> ___
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
>
>___
>To unsubscribe, edit your list preferences, or view the list 
>archives, please visit:
>http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Gary Stanley]

At 03:36 PM 8/18/2009, Ronny Schedel wrote:

>It's not forbidden to mix diffent programming languages, I am sure they also
>use Assembler codes. The problem can also occur in C++, because they trust
>the client that it sends a valid string, but it can send anything.


They only use assembly code to in startup to get the CPU MHZ via 2 
calls to rdtsc.




> > Thats not right ;)
> >
> > The programming language is the problem in this case. Why should i write
> > my code with functions that shouldnt be used with C++?
> > C++ works with the stdlib, which means streams. Not C stuff. So its
> > finally up to Valve to write programs which follows C++ standards not C.
> > You cant trust your users as programmer. Its up to us, to make the
> > source safe, and if the projecttime needs 2 weeks more, you should spend
> > the time.
> >
> >
> > Ronny Schedel schrieb:
> >> The problem is not the programming language, the problem is that Valve
> >> trust
> >> their game clients too much.
> >>
> >>
> >>
> >>> Well,
> >>>
> >>> Valve should start coding c++ with steams ;)
> >>> Who works with printfs today?
> >>>
> >>> I hope Valve will fix the whole source to prevent overflows.
> >>> C++ is you friend, not old C stuff...
> >>>
> >>> Best regards,
> >>> Stefan Popp
> >>>
> >>>
> >>> Claudio Beretta schrieb:
> >>>
>  Thanks, anyone knows if a workaround is available?
> 
>  BTW: aren't "security researchers" supposed to contact the developers
>  before
>  releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a
>  few
>  weeks -.-
> 
> 
>  On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes 
>  wrote:
> 
> 
> 
> > A friend forwarded me this info regarding a vulnerability.  I am
> > unable
> > to
> > test this at the moment, but it does look like it is possible.
> > Thought
> > I
> > would get this out to the community before others start using this to
> > cause
> > havoc.
> >
> >  http://www.vupen.com/english/advisories/2009/2296
> >  http://aluigi.altervista.org/adv/sourcefs-adv.txt
> >
> > Morgan Humes
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
> >
>  ___
>  To unsubscribe, edit your list preferences, or view the list archives,
>  please visit:
>  http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 
> 
> >>> ___
> >>> To unsubscribe, edit your list preferences, or view the list archives,
> >>> please visit:
> >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>>
> >>>
> >>
> >>
> >> ___
> >> To unsubscribe, edit your list preferences, or view the list archives,
> >> please visit:
> >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >>
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
>
>
>___
>To unsubscribe, edit your list preferences, or view the list 
>archives, please visit:
>http://list.valvesoftware.com/mailman/listinfo/hlds_linux


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] ProcessClientInfo: SourceTV can not connect to game directly crash

[Claudio Beretta]

because we want to avoid leaving the TV structure uninitialized


On Tue, Aug 18, 2009 at 9:41 PM, Nikolay Shopik  wrote:

> On 18.08.2009 23:19, Brian Rak wrote:
> > If you are seeing this, it's directly related to a new srcds exploit.
> > More info on it at
> http://aluigi.altervista.org/adv/sourcenotvnull-adv.txt
> >
> > The workaround for this is actually quite trivial.  Add "tv_enable 1" to
> > cfg/autoexec.cfg, and (optionally) "tv_enable 0" to server.cfg (You only
> > need tv_enable 0 if you don't want sourcetv)
> >
> Why just not -nohltv?
>
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] ProcessClientInfo: SourceTV can not connect to game directly crash

[Nikolay Shopik]

On 18.08.2009 23:19, Brian Rak wrote:
> If you are seeing this, it's directly related to a new srcds exploit.
> More info on it at http://aluigi.altervista.org/adv/sourcenotvnull-adv.txt
>
> The workaround for this is actually quite trivial.  Add "tv_enable 1" to
> cfg/autoexec.cfg, and (optionally) "tv_enable 0" to server.cfg (You only
> need tv_enable 0 if you don't want sourcetv)
>
Why just not -nohltv?


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Wheres the point?

Its their product, and they have to support the product. If i code any 
application and i wait 4 weeks (or more :P) until i fix anything for my 
customers, i can go directly to die.
I never said valve didnt support their products, but the point is, how 
they do that. And the royal way of support is fast fixing of bugs, and 
if providing sdk's, updating the materials around. And currently i think 
Valve makes bad support. Maybe, they kicked some programmers or 
somethin? But as customer i didnt care about their resources, i only 
care about theire reaction times if i got problems ;) or?

Saint K. schrieb:
> Imo VALVe is still the only one who cares and interacts so much with their 
> community. Yes they have their flaws, and they can be ugly at times, but hey, 
> what other dev mails you straight away when you report a bug to resolve it? 
> So far this only happends to me with VALVe. From other devs u should thank 
> god on your knees to ever get any response at all.
>
> The games are worth their money, and the suport on their games is insanely 
> long.
>
> VALVe still has and will continue to have my support.
>
> Saint K.
> -Original Message-
> From: hlds_linux-boun...@list.valvesoftware.com 
> [mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan Popp
> Sent: dinsdag 18 augustus 2009 20:51
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
> Vulnerability
>
> The wish is currently present ;)
>
> Due a lot of stuff valve didnt managed the right way ;)
> 1. bad code and many ways to crash servers from client side
> 2. changing engine stuff without telling plugin developer about changes 
> or any new sdk's
> 3. no statements about this and a lot of other points ;)
>
> there are a lot of reasons why i wish to get my money back, but i still 
> hope that valve goes back to their roots and care about theire community ;)
>
> Best regards,
> Stefan Popp
>
> Adam Nowacki schrieb:
>   
>> You'd wish you never bought any Valve games the day this happens.
>>
>> Stefan Popp wrote:
>>   
>> 
>>> Sorry, but this must be corrected ;)
>>>
>>> -"Valve should start coding c++ with steams ;)"
>>> +"Valve should start coding c++ with streams ;)"
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>> Stefan Popp schrieb:
>>> 
>>>   
 Well,

 Valve should start coding c++ with steams ;)
 Who works with printfs today?

 I hope Valve will fix the whole source to prevent overflows.
 C++ is you friend, not old C stuff...

 Best regards,
 Stefan Popp


 Claudio Beretta schrieb:
   
   
 
> Thanks, anyone knows if a workaround is available?
>
> BTW: aren't "security researchers" supposed to contact the developers 
> before
> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
> weeks -.-
>
>
> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
> wrote:
>
>   
> 
> 
>   
>> A friend forwarded me this info regarding a vulnerability.  I am unable 
>> to
>> test this at the moment, but it does look like it is possible.  Thought I
>> would get this out to the community before others start using this to 
>> cause
>> havoc.
>>
>>  http://www.vupen.com/english/advisories/2009/2296
>>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>
>> Morgan Humes
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>> 
>>   
>>   
>> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   
> 
> 
>   
 ___
 To unsubscribe, edit your list preferences, or view the list archives, 
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux
   
   
 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>> 
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>   
>> 
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> No virus fou

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Ronny Schedel]

It's not forbidden to mix diffent programming languages, I am sure they also 
use Assembler codes. The problem can also occur in C++, because they trust 
the client that it sends a valid string, but it can send anything.


> Thats not right ;)
>
> The programming language is the problem in this case. Why should i write
> my code with functions that shouldnt be used with C++?
> C++ works with the stdlib, which means streams. Not C stuff. So its
> finally up to Valve to write programs which follows C++ standards not C.
> You cant trust your users as programmer. Its up to us, to make the
> source safe, and if the projecttime needs 2 weeks more, you should spend
> the time.
>
>
> Ronny Schedel schrieb:
>> The problem is not the programming language, the problem is that Valve 
>> trust
>> their game clients too much.
>>
>>
>>
>>> Well,
>>>
>>> Valve should start coding c++ with steams ;)
>>> Who works with printfs today?
>>>
>>> I hope Valve will fix the whole source to prevent overflows.
>>> C++ is you friend, not old C stuff...
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>>
>>> Claudio Beretta schrieb:
>>>
 Thanks, anyone knows if a workaround is available?

 BTW: aren't "security researchers" supposed to contact the developers
 before
 releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a
 few
 weeks -.-


 On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes 
 wrote:



> A friend forwarded me this info regarding a vulnerability.  I am 
> unable
> to
> test this at the moment, but it does look like it is possible. 
> Thought
> I
> would get this out to the community before others start using this to
> cause
> havoc.
>
>  http://www.vupen.com/english/advisories/2009/2296
>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>
> Morgan Humes
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
>
 ___
 To unsubscribe, edit your list preferences, or view the list archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Adam Nowacki]

This 'C stuff' is actually part of the C++ standard library. Also using 
streams here would be like trying to eat spaghetti with a single stick 
... some will do it, others stick to the fork.

Stefan Popp wrote:
> Thats not right ;)
> 
> The programming language is the problem in this case. Why should i write 
> my code with functions that shouldnt be used with C++?
> C++ works with the stdlib, which means streams. Not C stuff. So its 
> finally up to Valve to write programs which follows C++ standards not C.
> You cant trust your users as programmer. Its up to us, to make the 
> source safe, and if the projecttime needs 2 weeks more, you should spend 
> the time.
> 
> 
> Ronny Schedel schrieb:
>> The problem is not the programming language, the problem is that Valve trust 
>> their game clients too much.
>>
>>
>>   
>>> Well,
>>>
>>> Valve should start coding c++ with steams ;)
>>> Who works with printfs today?
>>>
>>> I hope Valve will fix the whole source to prevent overflows.
>>> C++ is you friend, not old C stuff...
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>>
>>> Claudio Beretta schrieb:
>>> 
 Thanks, anyone knows if a workaround is available?

 BTW: aren't "security researchers" supposed to contact the developers 
 before
 releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a 
 few
 weeks -.-


 On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
 wrote:


   
> A friend forwarded me this info regarding a vulnerability.  I am unable 
> to
> test this at the moment, but it does look like it is possible.  Thought 
> I
> would get this out to the community before others start using this to 
> cause
> havoc.
>
>  http://www.vupen.com/english/advisories/2009/2296
>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>
> Morgan Humes
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> 
 ___
 To unsubscribe, edit your list preferences, or view the list archives, 
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

   
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>> 
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>   
> 
> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Saint K .]

Imo VALVe is still the only one who cares and interacts so much with their 
community. Yes they have their flaws, and they can be ugly at times, but hey, 
what other dev mails you straight away when you report a bug to resolve it? So 
far this only happends to me with VALVe. From other devs u should thank god on 
your knees to ever get any response at all.

The games are worth their money, and the suport on their games is insanely long.

VALVe still has and will continue to have my support.

Saint K.
-Original Message-
From: hlds_linux-boun...@list.valvesoftware.com 
[mailto:hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Stefan Popp
Sent: dinsdag 18 augustus 2009 20:51
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] Valve Source Engine Console Message Format String 
Vulnerability

The wish is currently present ;)

Due a lot of stuff valve didnt managed the right way ;)
1. bad code and many ways to crash servers from client side
2. changing engine stuff without telling plugin developer about changes 
or any new sdk's
3. no statements about this and a lot of other points ;)

there are a lot of reasons why i wish to get my money back, but i still 
hope that valve goes back to their roots and care about theire community ;)

Best regards,
Stefan Popp

Adam Nowacki schrieb:
> You'd wish you never bought any Valve games the day this happens.
>
> Stefan Popp wrote:
>   
>> Sorry, but this must be corrected ;)
>>
>> -"Valve should start coding c++ with steams ;)"
>> +"Valve should start coding c++ with streams ;)"
>>
>> Best regards,
>> Stefan Popp
>>
>> Stefan Popp schrieb:
>> 
>>> Well,
>>>
>>> Valve should start coding c++ with steams ;)
>>> Who works with printfs today?
>>>
>>> I hope Valve will fix the whole source to prevent overflows.
>>> C++ is you friend, not old C stuff...
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>>
>>> Claudio Beretta schrieb:
>>>   
>>>   
 Thanks, anyone knows if a workaround is available?

 BTW: aren't "security researchers" supposed to contact the developers 
 before
 releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
 weeks -.-


 On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
 wrote:

   
 
 
> A friend forwarded me this info regarding a vulnerability.  I am unable to
> test this at the moment, but it does look like it is possible.  Thought I
> would get this out to the community before others start using this to 
> cause
> havoc.
>
>  http://www.vupen.com/english/advisories/2009/2296
>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>
> Morgan Humes
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> 
>   
>   
 ___
 To unsubscribe, edit your list preferences, or view the list archives, 
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux
   
 
 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>   
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>> 
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.58/2309 - Release Date: 08/18/09 
06:03:00

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

[hlds_linux] ProcessClientInfo: SourceTV can not connect to game directly crash

[Brian Rak]

If you are seeing this, it's directly related to a new srcds exploit. 
More info on it at http://aluigi.altervista.org/adv/sourcenotvnull-adv.txt

The workaround for this is actually quite trivial.  Add "tv_enable 1" to
cfg/autoexec.cfg, and (optionally) "tv_enable 0" to server.cfg (You only
need tv_enable 0 if you don't want sourcetv)

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format, String Vulnerability

[Brian Rak]

Yes, typically the company is contacted before exploits are released...
In Valve's case though, they are so unwilling to fix anything the
exploits end up being released without a fix.

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Thats not right ;)

The programming language is the problem in this case. Why should i write 
my code with functions that shouldnt be used with C++?
C++ works with the stdlib, which means streams. Not C stuff. So its 
finally up to Valve to write programs which follows C++ standards not C.
You cant trust your users as programmer. Its up to us, to make the 
source safe, and if the projecttime needs 2 weeks more, you should spend 
the time.


Ronny Schedel schrieb:
> The problem is not the programming language, the problem is that Valve trust 
> their game clients too much.
>
>
>   
>> Well,
>>
>> Valve should start coding c++ with steams ;)
>> Who works with printfs today?
>>
>> I hope Valve will fix the whole source to prevent overflows.
>> C++ is you friend, not old C stuff...
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Claudio Beretta schrieb:
>> 
>>> Thanks, anyone knows if a workaround is available?
>>>
>>> BTW: aren't "security researchers" supposed to contact the developers 
>>> before
>>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a 
>>> few
>>> weeks -.-
>>>
>>>
>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
>>> wrote:
>>>
>>>
>>>   
 A friend forwarded me this info regarding a vulnerability.  I am unable 
 to
 test this at the moment, but it does look like it is possible.  Thought 
 I
 would get this out to the community before others start using this to 
 cause
 havoc.

  http://www.vupen.com/english/advisories/2009/2296
  http://aluigi.altervista.org/adv/sourcefs-adv.txt

 Morgan Humes
 ___
 To unsubscribe, edit your list preferences, or view the list archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>> 
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

The wish is currently present ;)

Due a lot of stuff valve didnt managed the right way ;)
1. bad code and many ways to crash servers from client side
2. changing engine stuff without telling plugin developer about changes 
or any new sdk's
3. no statements about this and a lot of other points ;)

there are a lot of reasons why i wish to get my money back, but i still 
hope that valve goes back to their roots and care about theire community ;)

Best regards,
Stefan Popp

Adam Nowacki schrieb:
> You'd wish you never bought any Valve games the day this happens.
>
> Stefan Popp wrote:
>   
>> Sorry, but this must be corrected ;)
>>
>> -"Valve should start coding c++ with steams ;)"
>> +"Valve should start coding c++ with streams ;)"
>>
>> Best regards,
>> Stefan Popp
>>
>> Stefan Popp schrieb:
>> 
>>> Well,
>>>
>>> Valve should start coding c++ with steams ;)
>>> Who works with printfs today?
>>>
>>> I hope Valve will fix the whole source to prevent overflows.
>>> C++ is you friend, not old C stuff...
>>>
>>> Best regards,
>>> Stefan Popp
>>>
>>>
>>> Claudio Beretta schrieb:
>>>   
>>>   
 Thanks, anyone knows if a workaround is available?

 BTW: aren't "security researchers" supposed to contact the developers 
 before
 releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
 weeks -.-


 On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
 wrote:

   
 
 
> A friend forwarded me this info regarding a vulnerability.  I am unable to
> test this at the moment, but it does look like it is possible.  Thought I
> would get this out to the community before others start using this to 
> cause
> havoc.
>
>  http://www.vupen.com/english/advisories/2009/2296
>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>
> Morgan Humes
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> 
>   
>   
 ___
 To unsubscribe, edit your list preferences, or view the list archives, 
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux
   
 
 
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>   
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>> 
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

[hlds_linux] Map change crash

[Nightbox]

After i change the map it usually crash my tf2 server.

I did not update yet because i must wait for my gsp to do it.
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Ronny Schedel]

The problem is not the programming language, the problem is that Valve trust 
their game clients too much.


> Well,
>
> Valve should start coding c++ with steams ;)
> Who works with printfs today?
>
> I hope Valve will fix the whole source to prevent overflows.
> C++ is you friend, not old C stuff...
>
> Best regards,
> Stefan Popp
>
>
> Claudio Beretta schrieb:
>> Thanks, anyone knows if a workaround is available?
>>
>> BTW: aren't "security researchers" supposed to contact the developers 
>> before
>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a 
>> few
>> weeks -.-
>>
>>
>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  
>> wrote:
>>
>>
>>> A friend forwarded me this info regarding a vulnerability.  I am unable 
>>> to
>>> test this at the moment, but it does look like it is possible.  Thought 
>>> I
>>> would get this out to the community before others start using this to 
>>> cause
>>> havoc.
>>>
>>>  http://www.vupen.com/english/advisories/2009/2296
>>>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>>
>>> Morgan Humes
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Adam Nowacki]

You'd wish you never bought any Valve games the day this happens.

Stefan Popp wrote:
> Sorry, but this must be corrected ;)
> 
> -"Valve should start coding c++ with steams ;)"
> +"Valve should start coding c++ with streams ;)"
> 
> Best regards,
> Stefan Popp
> 
> Stefan Popp schrieb:
>> Well,
>>
>> Valve should start coding c++ with steams ;)
>> Who works with printfs today?
>>
>> I hope Valve will fix the whole source to prevent overflows.
>> C++ is you friend, not old C stuff...
>>
>> Best regards,
>> Stefan Popp
>>
>>
>> Claudio Beretta schrieb:
>>   
>>> Thanks, anyone knows if a workaround is available?
>>>
>>> BTW: aren't "security researchers" supposed to contact the developers before
>>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
>>> weeks -.-
>>>
>>>
>>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  wrote:
>>>
>>>   
>>> 
 A friend forwarded me this info regarding a vulnerability.  I am unable to
 test this at the moment, but it does look like it is possible.  Thought I
 would get this out to the community before others start using this to cause
 havoc.

  http://www.vupen.com/english/advisories/2009/2296
  http://aluigi.altervista.org/adv/sourcefs-adv.txt

 Morgan Humes
 ___
 To unsubscribe, edit your list preferences, or view the list archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

 
   
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>   
>>> 
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>   
> 
> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Sorry, but this must be corrected ;)

-"Valve should start coding c++ with steams ;)"
+"Valve should start coding c++ with streams ;)"

Best regards,
Stefan Popp

Stefan Popp schrieb:
> Well,
>
> Valve should start coding c++ with steams ;)
> Who works with printfs today?
>
> I hope Valve will fix the whole source to prevent overflows.
> C++ is you friend, not old C stuff...
>
> Best regards,
> Stefan Popp
>
>
> Claudio Beretta schrieb:
>   
>> Thanks, anyone knows if a workaround is available?
>>
>> BTW: aren't "security researchers" supposed to contact the developers before
>> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
>> weeks -.-
>>
>>
>> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  wrote:
>>
>>   
>> 
>>> A friend forwarded me this info regarding a vulnerability.  I am unable to
>>> test this at the moment, but it does look like it is possible.  Thought I
>>> would get this out to the community before others start using this to cause
>>> havoc.
>>>
>>>  http://www.vupen.com/english/advisories/2009/2296
>>>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>>
>>> Morgan Humes
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>> 
>>>   
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>   
>> 
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format, String Vulnerability

[Brian Rak]

Backtrace for this crash looks like:
#0  0xb7e9c463 in strlen () from /lib/tls/i686/cmov/libc.so.6
#1  0xb7e70164 in vfprintf () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7e8df81 in vsnprintf () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7de2690 in V_vsnprintf () from bin/vstdlib_i486.so
#4  0xb72a389b in CGameClient::Disconnect () from bin/engine_i686.so
#5  0xb7261fe3 in CNetChan::ProcessControlMessage () from bin/engine_i686.so
#6  0xb7264177 in CNetChan::ProcessMessages () from bin/engine_i686.so
#7  0xb7264437 in CNetChan::CheckReceivingList () from bin/engine_i686.so
#8  0xb72658ae in CNetChan::ProcessPacket () from bin/engine_i686.so
#9  0xb726e9c0 in NET_ProcessSocket () from bin/engine_i686.so
#10 0xb71cbed2 in CBaseServer::RunFrame () from bin/engine_i686.so
#11 0xb72b9dec in SV_Frame () from bin/engine_i686.so
#12 0xb723851d in _Host_RunFrame_Server () from bin/engine_i686.so
#13 0xb7238d50 in _Host_RunFrame () from bin/engine_i686.so
#14 0xb7239412 in Host_RunFrame () from bin/engine_i686.so
#15 0xb724351c in CHostState::State_Run () from bin/engine_i686.so
#16 0xb72437c1 in CHostState::FrameUpdate () from bin/engine_i686.so
#17 0xb7243947 in HostState_Frame () from bin/engine_i686.so
#18 0xb72d8d54 in CEngine::Frame () from bin/engine_i686.so
#19 0xb72d6b6e in CDedicatedServerAPI::RunFrame () from bin/engine_i686.so
#20 0xb7d5e0fd in RunServer () from bin/dedicated_i686.so
#21 0xb72d654e in CModAppSystemGroup::Main () from bin/engine_i686.so
#22 0xb73ddcc3 in CAppSystemGroup::Run () from bin/engine_i686.so
#23 0xb72d779f in CDedicatedServerAPI::ModInit () from bin/engine_i686.so
#24 0xb7d5e34a in CDedicatedAppSystemGroup::Main () from
bin/dedicated_i686.so
#25 0xb7d95713 in CAppSystemGroup::Run () from bin/dedicated_i686.so
#26 0xb7d95713 in CAppSystemGroup::Run () from bin/dedicated_i686.so
#27 0xb7d5e758 in main () from bin/dedicated_i686.so
#28 0x0804909e in main ()


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format, String Vulnerability

[Brian Rak]

Yep, I just found that page a bit earlier today.  Despite the fact that
it's a serious crash, I have no hope that valve will ever fix it (Just
like the 13 other exploits they haven't done shit about)

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Stefan Popp]

Well,

Valve should start coding c++ with steams ;)
Who works with printfs today?

I hope Valve will fix the whole source to prevent overflows.
C++ is you friend, not old C stuff...

Best regards,
Stefan Popp


Claudio Beretta schrieb:
> Thanks, anyone knows if a workaround is available?
>
> BTW: aren't "security researchers" supposed to contact the developers before
> releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
> weeks -.-
>
>
> On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  wrote:
>
>   
>> A friend forwarded me this info regarding a vulnerability.  I am unable to
>> test this at the moment, but it does look like it is possible.  Thought I
>> would get this out to the community before others start using this to cause
>> havoc.
>>
>>  http://www.vupen.com/english/advisories/2009/2296
>>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>>
>> Morgan Humes
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>   


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Claudio Beretta]

Thanks, anyone knows if a workaround is available?

BTW: aren't "security researchers" supposed to contact the developers before
releasing 0-day exploits?This is the 2nd 0-day exploy from aluigi in a few
weeks -.-


On Tue, Aug 18, 2009 at 6:44 PM, Morgan Humes  wrote:

> A friend forwarded me this info regarding a vulnerability.  I am unable to
> test this at the moment, but it does look like it is possible.  Thought I
> would get this out to the community before others start using this to cause
> havoc.
>
>  http://www.vupen.com/english/advisories/2009/2296
>  http://aluigi.altervista.org/adv/sourcefs-adv.txt
>
> Morgan Humes
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] L4D forks keep crashing

[Ronny Schedel]

The crashes occur on a vanilla server.


>I too had forks crashing, after i updated sourcemod and sourcebans and
> those kinds of things i didn't had any issues anymore..
>
> On Tue, 18 Aug 2009 18:50:34 +0200, "Ronny Schedel" 
> 
> wrote:
>> I have reported this right after the last update two weeks ago.
>> Unfortunatly, I was the only one with this problem, so Valve decided to
> do
>> nothing.
>>
>>
>>> Still having this problem, and it seems that several other people are as
>>> well.  When a fork crashes, its process becomes defunct and the only way
>>> I've found to fix this problem is to restart srcds.  There's no debug
>>> log or core file generated when the crash happens as far as I can tell.
>>>
>>> I currently have one dead fork and one defunct process:
>>>
>>> $ ps -ef | grep defunct
>>> srcds25157  6559  1 Aug17 pts/100:15:33 [srcds_i486] 
>>>
>>> Could we at least get an acknowledgment or status update on this from
>>> Valve?  Pretty please?
>>>
>>> Thanks,
>>> Dave
>>>
>>> David Parker wrote:
 Mine is a plain vanilla server.  I haven't had all 6 forks die yet.
 It's
 always the first and third forks which stop responding, apparently at
 the
 same time, and I have to restart srcds to get them back.

 If there is a Valve person following this thread, I've looked through
> my

 logs but I have not yet found anything which indicates when or how
> these

 forks are crashing.  If there is something specific I should be looking
>
 for, please let me know.

 - Dave

 - Original Message -
 From: Eric-Jan Riemers 
 Date: Friday, August 7, 2009 8:16 pm
 Subject: Re: [hlds_linux] L4D forks keep crashing
 To: 'Half-Life dedicated Linux server mailing list'
 

> I run 6 forks, l4d.. had to restart all of them "defunct"
>
> Some days ago, I had 2 defunct, had to restart too. Started
> after the update
> too.
>
> Could be we have a sourcemod plugin which is giving issues, but
> if yours is
> vanilla I presume its something else.
>
> -Oorspronkelijk bericht-
> Van: hlds_linux-boun...@list.valvesoftware.com
> [mailto:hlds_linux-boun...@list.valvesoftware.com] Namens Jay Deiman
> Verzonden: vrijdag 7 augustus 2009 21:09
> Aan: Half-Life dedicated Linux server mailing list
> Onderwerp: Re: [hlds_linux] L4D forks keep crashing
>
> David A. Parker wrote:
>> Hello,
>>
>> I have a Left 4 Dead server running 6 forks.  Since the
> update on July
>> 31, two of the six forks have crashed several times.
> Each time, the
>> forks stop responding to A2A_PING or A2S_INFO queries, and if
> I telnet
>> to their consoles using netcon, I can type but I get no
> response to
>> commands.  However, the master console shows the forks as
> having players
>> on them, even though they are clearly not even running anymore.
>>
>> Has anyone else experienced this?
> Yep, same here.  I have script that connects to the
> consoles to get user
> info via the rcon "status" command and it keeps failing until I
> restart
> the hlds.  And yes, I think I started experiencing this
> around the exact
> same time.
>
> Jay
>
> -- 
> Jay Deiman
>
> \033:wq!
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
>
> ___
> To unsubscribe, edit your list preferences, or view the list
> archives, please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
 ___
 To unsubscribe, edit your list preferences, or view the list archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux

>>>
>>> -- 
>>>
>>> Dave Parker
>>> Utica College
>>> Integrated Information Technology Services
>>> (315) 792-3229
>>> Registered Linux User #408177
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/li

Re: [hlds_linux] L4D forks keep crashing

[Eric Riemers]

I too had forks crashing, after i updated sourcemod and sourcebans and
those kinds of things i didn't had any issues anymore..

On Tue, 18 Aug 2009 18:50:34 +0200, "Ronny Schedel" 
wrote:
> I have reported this right after the last update two weeks ago. 
> Unfortunatly, I was the only one with this problem, so Valve decided to
do 
> nothing.
> 
> 
>> Still having this problem, and it seems that several other people are as
>> well.  When a fork crashes, its process becomes defunct and the only way
>> I've found to fix this problem is to restart srcds.  There's no debug
>> log or core file generated when the crash happens as far as I can tell.
>>
>> I currently have one dead fork and one defunct process:
>>
>> $ ps -ef | grep defunct
>> srcds25157  6559  1 Aug17 pts/100:15:33 [srcds_i486] 
>>
>> Could we at least get an acknowledgment or status update on this from
>> Valve?  Pretty please?
>>
>> Thanks,
>> Dave
>>
>> David Parker wrote:
>>> Mine is a plain vanilla server.  I haven't had all 6 forks die yet. 
>>> It's
>>> always the first and third forks which stop responding, apparently at
>>> the
>>> same time, and I have to restart srcds to get them back.
>>>
>>> If there is a Valve person following this thread, I've looked through
my
>>>
>>> logs but I have not yet found anything which indicates when or how
these
>>>
>>> forks are crashing.  If there is something specific I should be looking

>>> for, please let me know.
>>>
>>> - Dave
>>>
>>> - Original Message -
>>> From: Eric-Jan Riemers 
>>> Date: Friday, August 7, 2009 8:16 pm
>>> Subject: Re: [hlds_linux] L4D forks keep crashing
>>> To: 'Half-Life dedicated Linux server mailing list' 
>>> 
>>>
 I run 6 forks, l4d.. had to restart all of them "defunct"

 Some days ago, I had 2 defunct, had to restart too. Started
 after the update
 too.

 Could be we have a sourcemod plugin which is giving issues, but
 if yours is
 vanilla I presume its something else.

 -Oorspronkelijk bericht-
 Van: hlds_linux-boun...@list.valvesoftware.com
 [mailto:hlds_linux-boun...@list.valvesoftware.com] Namens Jay Deiman
 Verzonden: vrijdag 7 augustus 2009 21:09
 Aan: Half-Life dedicated Linux server mailing list
 Onderwerp: Re: [hlds_linux] L4D forks keep crashing

 David A. Parker wrote:
> Hello,
>
> I have a Left 4 Dead server running 6 forks.  Since the
 update on July
> 31, two of the six forks have crashed several times.
 Each time, the
> forks stop responding to A2A_PING or A2S_INFO queries, and if
 I telnet
> to their consoles using netcon, I can type but I get no
 response to
> commands.  However, the master console shows the forks as
 having players
> on them, even though they are clearly not even running anymore.
>
> Has anyone else experienced this?
 Yep, same here.  I have script that connects to the
 consoles to get user
 info via the rcon "status" command and it keeps failing until I
 restart
 the hlds.  And yes, I think I started experiencing this
 around the exact
 same time.

 Jay

 -- 
 Jay Deiman

 \033:wq!

 ___
 To unsubscribe, edit your list preferences, or view the list archives,
 please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux


 ___
 To unsubscribe, edit your list preferences, or view the list
 archives, please visit:
 http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives, 
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>
>> -- 
>>
>> Dave Parker
>> Utica College
>> Integrated Information Technology Services
>> (315) 792-3229
>> Registered Linux User #408177
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> 
> 
> 
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] L4D forks keep crashing

[Ronny Schedel]

I have reported this right after the last update two weeks ago. 
Unfortunatly, I was the only one with this problem, so Valve decided to do 
nothing.


> Still having this problem, and it seems that several other people are as
> well.  When a fork crashes, its process becomes defunct and the only way
> I've found to fix this problem is to restart srcds.  There's no debug
> log or core file generated when the crash happens as far as I can tell.
>
> I currently have one dead fork and one defunct process:
>
> $ ps -ef | grep defunct
> srcds25157  6559  1 Aug17 pts/100:15:33 [srcds_i486] 
>
> Could we at least get an acknowledgment or status update on this from
> Valve?  Pretty please?
>
> Thanks,
> Dave
>
> David Parker wrote:
>> Mine is a plain vanilla server.  I haven't had all 6 forks die yet.  It's 
>> always the first and third forks which stop responding, apparently at the 
>> same time, and I have to restart srcds to get them back.
>>
>> If there is a Valve person following this thread, I've looked through my 
>> logs but I have not yet found anything which indicates when or how these 
>> forks are crashing.  If there is something specific I should be looking 
>> for, please let me know.
>>
>> - Dave
>>
>> - Original Message -
>> From: Eric-Jan Riemers 
>> Date: Friday, August 7, 2009 8:16 pm
>> Subject: Re: [hlds_linux] L4D forks keep crashing
>> To: 'Half-Life dedicated Linux server mailing list' 
>> 
>>
>>> I run 6 forks, l4d.. had to restart all of them "defunct"
>>>
>>> Some days ago, I had 2 defunct, had to restart too. Started
>>> after the update
>>> too.
>>>
>>> Could be we have a sourcemod plugin which is giving issues, but
>>> if yours is
>>> vanilla I presume its something else.
>>>
>>> -Oorspronkelijk bericht-
>>> Van: hlds_linux-boun...@list.valvesoftware.com
>>> [mailto:hlds_linux-boun...@list.valvesoftware.com] Namens Jay Deiman
>>> Verzonden: vrijdag 7 augustus 2009 21:09
>>> Aan: Half-Life dedicated Linux server mailing list
>>> Onderwerp: Re: [hlds_linux] L4D forks keep crashing
>>>
>>> David A. Parker wrote:
 Hello,

 I have a Left 4 Dead server running 6 forks.  Since the
>>> update on July
 31, two of the six forks have crashed several times.
>>> Each time, the
 forks stop responding to A2A_PING or A2S_INFO queries, and if
>>> I telnet
 to their consoles using netcon, I can type but I get no
>>> response to
 commands.  However, the master console shows the forks as
>>> having players
 on them, even though they are clearly not even running anymore.

 Has anyone else experienced this?
>>> Yep, same here.  I have script that connects to the
>>> consoles to get user
>>> info via the rcon "status" command and it keeps failing until I
>>> restart
>>> the hlds.  And yes, I think I started experiencing this
>>> around the exact
>>> same time.
>>>
>>> Jay
>>>
>>> -- 
>>> Jay Deiman
>>>
>>> \033:wq!
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list archives,
>>> please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>>
>>>
>>> ___
>>> To unsubscribe, edit your list preferences, or view the list
>>> archives, please visit:
>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>
> -- 
>
> Dave Parker
> Utica College
> Integrated Information Technology Services
> (315) 792-3229
> Registered Linux User #408177
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 


___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

[hlds_linux] Valve Source Engine Console Message Format String Vulnerability

[Morgan Humes]

A friend forwarded me this info regarding a vulnerability.  I am unable to
test this at the moment, but it does look like it is possible.  Thought I
would get this out to the community before others start using this to cause
havoc.

  http://www.vupen.com/english/advisories/2009/2296
  http://aluigi.altervista.org/adv/sourcefs-adv.txt

Morgan Humes
___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] L4D forks keep crashing

[David A. Parker]

Still having this problem, and it seems that several other people are as 
well.  When a fork crashes, its process becomes defunct and the only way 
I've found to fix this problem is to restart srcds.  There's no debug 
log or core file generated when the crash happens as far as I can tell.

I currently have one dead fork and one defunct process:

$ ps -ef | grep defunct
srcds25157  6559  1 Aug17 pts/100:15:33 [srcds_i486] 

Could we at least get an acknowledgment or status update on this from 
Valve?  Pretty please?

 Thanks,
 Dave

David Parker wrote:
> Mine is a plain vanilla server.  I haven't had all 6 forks die yet.  It's 
> always the first and third forks which stop responding, apparently at the 
> same time, and I have to restart srcds to get them back.
> 
> If there is a Valve person following this thread, I've looked through my logs 
> but I have not yet found anything which indicates when or how these forks are 
> crashing.  If there is something specific I should be looking for, please let 
> me know.
> 
> - Dave
> 
> - Original Message -
> From: Eric-Jan Riemers 
> Date: Friday, August 7, 2009 8:16 pm
> Subject: Re: [hlds_linux] L4D forks keep crashing
> To: 'Half-Life dedicated Linux server mailing list' 
> 
> 
>> I run 6 forks, l4d.. had to restart all of them "defunct" 
>>
>> Some days ago, I had 2 defunct, had to restart too. Started 
>> after the update
>> too.
>>
>> Could be we have a sourcemod plugin which is giving issues, but 
>> if yours is
>> vanilla I presume its something else.
>>
>> -Oorspronkelijk bericht-
>> Van: hlds_linux-boun...@list.valvesoftware.com
>> [mailto:hlds_linux-boun...@list.valvesoftware.com] Namens Jay Deiman
>> Verzonden: vrijdag 7 augustus 2009 21:09
>> Aan: Half-Life dedicated Linux server mailing list
>> Onderwerp: Re: [hlds_linux] L4D forks keep crashing
>>
>> David A. Parker wrote:
>>> Hello,
>>>
>>> I have a Left 4 Dead server running 6 forks.  Since the 
>> update on July 
>>> 31, two of the six forks have crashed several times.  
>> Each time, the 
>>> forks stop responding to A2A_PING or A2S_INFO queries, and if 
>> I telnet 
>>> to their consoles using netcon, I can type but I get no 
>> response to 
>>> commands.  However, the master console shows the forks as 
>> having players 
>>> on them, even though they are clearly not even running anymore.
>>>
>>> Has anyone else experienced this?
>> Yep, same here.  I have script that connects to the 
>> consoles to get user 
>> info via the rcon "status" command and it keeps failing until I 
>> restart 
>> the hlds.  And yes, I think I started experiencing this 
>> around the exact 
>> same time.
>>
>> Jay
>>
>> -- 
>> Jay Deiman
>>
>> \033:wq!
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list archives,
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>> ___
>> To unsubscribe, edit your list preferences, or view the list 
>> archives, please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> ___
> To unsubscribe, edit your list preferences, or view the list archives, please 
> visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 

-- 

Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

___
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux