Summary: | games-fps/enemy-territory: security update for Enemy Territory? | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Sachau <tommy> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | games, pacho, polynomial-c |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B? [upstream+] | ||
Package list: | | Runtime testing required: | --- |
Description
Thomas Sachau
games, please have a look

Any way you can post the details so I don't have to register for that forum?

Sorry, I did not see that you are not allowed to watch that thread. The main info should be in [1]. [2] is called a fix for the etpro mod only.

[1] = http://www.punksbusted.com/omnix/et260b_serverfix.tar.gz
[2] = http://www.punksbusted.com/omnix/wsfix.lua

That's not very clear. Can you provide a diff or something, or copy/paste the relevant lines from the forum? Is the issue fixed upstream?

Please note that there is still bug 135645 not fixed yet.

After having a short look while being drunk, this looks like a 3rd party hack (of a Gentoo user - cheers!) to prevent exploitation. This may work very well, but requires someone to check this in depth, probably involving time-consuming binary analysis etc. Also, there may be some license issues (but given the large modding community, this is not very likely).

The mentioned bug is client side. This is serverside only. This [1] is the only information I got for this patch at the forum.

[1] = http://www.tommyserver.de/et.php

changing product/component

please file security bugs in the Gentoo Security product

etpub-0.8.1 includes a fix for this, so servers with the actual etpub-mod should no longer be affected.

Is there a fix that doesn't require a complete mod? I haven't found one, but I'd gladly add one to the ebuild if there was one.

I only know the file from [1] in my comment #3, which after compilation has to be preloaded before loading the game itself and should prevent the exploits (as written in the included file and stated in [1] from my comment #6).

Btw, ID did release the source code, if that helps anyone.

Hi, well, I can't provide a fix, but here is some more information from the etpro-mod forum: http://bani.anime.net/banimod/forums/viewtopic.php?t=6777 They recommend usage of a Lua script to fix this stuff, but I don't know if this works with other mods than etpro. Of course I'd rather see a fix for enemy-territory itself. Something like a 2.61 patch would be quite handy ;) Cheers

Any news here? Either we include the 3rd party hack, or we p.mask until we have a better solution... games herd?

Sorry that this is taking so long. I've not forgotten about it. I'm just swamped with 2008.0 stuff. I see no reason why we cannot simply mask it for the time being.

@games: whatever the security problem was, the website is no longer accessible. Mask it or close the bug WONTFIX. Your call.

Maybe it is a duplicate of https://bugs.gentoo.org/show_bug.cgi?id=82149

Super old bug. Package has already been masked for quite some time.