server security

Kevin_b_er · August 20, 2009

Greetings, Kevin_b_er representing "brothersofchaos.com"

Recently it came out that ALL source-based games (srcds.exe, including counterstrike: source, TF2, Left4Dead, Half-Life 2: Deathmatch) are vulnerable to an exploit in which the game server executable can delete or run any file it has access to.

However this brings an immediate concern, any exploit which implicates a particular game executable suddenly becomes a danger for the entire server.

How can I have the game executable running under accounts with limited privileges (not the SYSTEM account)? Please note I'm not talking about tcadmin accounts, I'm talking about the windows user accounts. I need it to run under an alternate account, one that I can restrict from being able to overwrite windows system files.

jcroom · August 20, 2009

been a while, but im pretty sure you can just change the user the service runs as.....

MLS-Shawn · September 3, 2009

Doesnt the game server need a addon mod installed on it to be able to run system commands like your talking about?

studeggle · September 3, 2009

nope its an exploit in the game, patched by now but that is the reason that security should be in place by all GSPs

http://clientforums.tcadmin.com/showpost.php?p=41585&postcount=6

Sign In

server security

Recommended Posts

Kevin_b_er

Link to comment

Share on other sites

jcroom

Link to comment

Share on other sites

MLS-Shawn

Link to comment

Share on other sites

studeggle

Link to comment

Share on other sites

Archived

Who's Online 0 Members, 0 Anonymous, 8 Guests (See full list)

Forums

Important Information