ET security patch

hankyboys · 2004-12-27 20:54:27 UTC

Im thinking of installing a public ET server.
I therefore wonder if somebody has been or, in the future, will make a security patch if etded is cracked?

Nail · 2004-12-27 22:43:23 UTC

Huh ???

TFate · 2004-12-27 23:09:43 UTC

I think Punkbuster and ETPro takes care of all your security problems…

ouroboro · 2004-12-27 23:52:45 UTC

sounds like he’s worried about someone possibly being able to take control of his server. i’ve never heard of it happening, so long as you use decent passwords. i’m sure if such a thing ever DID happen, SD would be all over it ASAP.

hankyboys · 2004-12-28 01:21:45 UTC

The question is based on the fact that etded is a service like any other (*nix)-service/daemon (smtpd, httpd, popd, imapd, sshd, …,). Usually such services get patches from time to time, for instance to repair a discovered security issue who could be used to comprimize the server. Passwords, PB, ETPro does not provide any security in this manner, cause the flaw is found in the code itself.

Im not trying to teach anybody anything here - Im sure you know all this - and much more than I ever will And I believe the last post gave the answer I was looking for. Thx all.

Nail · 2004-12-28 01:46:43 UTC

ya, the reason I wondered is I’d never heard of a server being comprimised when it had a decent password in place

chr0nicles · 2004-12-28 02:01:31 UTC

It’s smart anyway to run ET in a Chrooted/Jailed enviroment.

SCDS_reyalP · 2004-12-28 04:30:12 UTC

One possible area for concern is people attempting to brute force rcon passwords. You could make a script that watches the log and rate limits such attacks, or at least warns you that they are underway. I wouldn’t put much faith in the security of ET (especially etmain, I know the etpro team has fixed a number of crashbugs etc.) but I’m not aware of any public server compromise bugs.

nodgam · 2004-12-28 05:42:01 UTC

maybe this can help

User-Mode Linux is a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup.

klick here

I think Punkbuster and ETPro takes care of all your security problems…

actually they donÂ´t, they can only help detecting cheaters

SCDS_reyalP · 2004-12-28 06:28:22 UTC

True of punkbuster, but not etpro.

hankyboys · 2004-12-28 09:55:53 UTC

“I wouldn’t put much faith in the security of ET (especially etmain, I know the etpro team has fixed a number of crashbugs etc.) but I’m not aware of any public server compromise bugs.”

Conclusion: If a “compromise-bug” is in any way discovered, I cant rely on that a patch will be released and released ASAP?

DG1 · 2004-12-28 14:04:39 UTC

My guess is it’s likely if it’s something they can do without clients needing a new patch.
If it requried client patch too then probs not unless it started becoming a widespread problem?

fwiw if your OS is set up right then unless you’ve really annoyed someone to the extent they keep coming back, probs all youre going to need to do is restart the gameserver and change the password. Trying to hack the actual server would be treated very seriously by most ISPs if they didnt cover their tracks well enough.

Sauron_EFG · 2004-12-28 17:01:47 UTC

I think it would take something extremely serious and widespread for Activision/SD to spend money/time on first tracking it down and then fixing it.

DG1 · 2004-12-28 18:39:43 UTC

if players could at all easily take control of servers due to code bugs that would be extremely serious.

Sauron_EFG · 2004-12-28 18:55:31 UTC

What I mean is that players being able to crash servers apparently isn’t serious enough (or widespread enough) for a patch, although that would be considered really serious in any other server application…