Server Plugin Security

[KingJ]

Many servers now allow the use of plugins to extend the functionality of the server. However, this effectively allows clients to execute any code they wish, good or bad on your system. I know TCA has an option to prevent the upload of certain file extensions, and I could simply prohibit the upload of DLL files, but then we would then need to provide continually up to date version of all mods to all servers - quite a bit (I also host non-valve games which use quite a few 3rd party plugins). This can also be an inconvenience for clients.

 

By default, TCA appears to run as the NT AUTHORITY\SYSTEM user, allowing full unrestricted access to all files on the system, a simple delete command could cause a lot of pain or allow a backdoor to be opened.

 

What would be more appropriate is for TCA to run servers under it's own user, or a restricted user to limit any damage that a plugin can do. Sadly, unlike linux, Windows users don't have the option of chrooting applications to their home directory, thus only allowing them to destroy themselves (which isn't a problem!). As implementing this will likely take a lot of work on the behalf of the TCA devs, I do not foresee such a feature being implemented.

 

What strategies do you use to protect against clients uploading malicious DLLs and executing code on your server?

[HIS-MOTHER]

What strategies do you use to protect against clients uploading malicious DLLs and executing code on your server?

 

We restrict .dll uploads and keep ours mods up to date.

[nosit1]

There's a few DLL's for our game that users need, but we have to restrict them because of DLL's like Mattie's Systems and gm_shellexe.

[KingJ]

I guess disabling DLL uploads is my only option. I already keep MM and SM up to date for CSS, TF2 and L4D - i'll just have to expand it to all games now.