[6th|illogical]

Already looked at patch-o-matic. I "may" write a case-insensitive string match module.

As for modifying the q3ded and it not pissing off pure or PB, that's bad, really bad. With the right knowledge a programmer/server admin could code some unfair advantages in for his team. If their server is used for a match... I see a problem.

[Woekele]

I think this thread and the links in it should be deleted. We dont want people to find about this

[Heldenhaft (old)]

Its not the q3ded to path with the fix, its the quake3.x86 where Luigi Auriemma advice to change Offset 0005a95c from 01 to 03 with the fix/patcher. Doesn't work (still vulnerable) for me (with urt), maybe someone else have more luck with this.

Anyway think the way with the iptables is the better one, unless there is a working official patch.

And no deletion/concealment is not the right way, aslong you not working for a well known software company ;>

[6th|illogical]

The iptables rules may be best... Or a passthrough server (something I've always wanted to play with)...

[Jagged (old)]

Quote

Its not the q3ded to path with the fix, its the quake3.x86 where Luigi Auriemma advice to change Offset 0005a95c from 01 to 03 with the fix/patcher. Doesn't work (still vulnerable) for me (with urt), maybe someone else have more luck with this.

Anyway think the way with the iptables is the better one, unless there is a working official patch.

And no deletion/concealment is not the right way, aslong you not working for a well known software company ;>

Yeah, it doesnt fix it in every case. However, quake3.x86 is the linux client, q3ded is the linux server. Patching quake3.x86 will not do any good at all.

[Jagged (old)]

Quote

I think this thread and the links in it should be deleted. We dont want people to find about this

Security through obscurity, eh? Must be a Windows user . Seriously, though, it's better to be informed than uninformed.

[Woekele]

Haha, well... I just think there should be a good working fix before showing the bug.

[Jagged (old)]

Quote

Already looked at patch-o-matic. I "may" write a case-insensitive string match module.

As for modifying the q3ded and it not pissing off pure or PB, that's bad, really bad. With the right knowledge a programmer/server admin could code some unfair advantages in for his team. If their server is used for a match... I see a problem.

I do agree somewhat w/ you here.. Just wait for the q3 source code to be released... Course, by then we'll probably be moving on to etut.

[Jagged (old)]

Another thing to point out is that iptables doesn't help the Windows server admins at all (shame on them for not using linux anyways)

-Jagged

[6th|illogical]

Windows server admins were screwed from the beginning, I'm mean really, they're using Windows. But on a serious not, this is where a pass through server would be perfect.

Clients connect to the passthrough. The passthrough filters data if neccessary, then passes it to the Quake 3 server. Basically, it's like a NAT, having to keep track of what's what and who's.