downloading stuff from server
Moderators: Forum moderators, developers
downloading stuff from server
I dont like to download all the stuff public servers tend to have installed, like different skins, sounds etc. so I have "cl_allowdownload 0" in my autoexec and it works, but
1) About an hour ago I ran ET and joined some public server and to my surprise it started downloading, so I assume it had "forcecvar cl_allowdownload 1", if it is true then it shoudn't be allowed...
2) I often get kicked after map change, because I don't have the map, I'd like to dl it, but not to dl all other "goodies". Please add something like "Get missing files from server" - no/yes/"map files only"
-Paladin, thx Jump3r for account (I'm lazy to reg)
1) About an hour ago I ran ET and joined some public server and to my surprise it started downloading, so I assume it had "forcecvar cl_allowdownload 1", if it is true then it shoudn't be allowed...
2) I often get kicked after map change, because I don't have the map, I'd like to dl it, but not to dl all other "goodies". Please add something like "Get missing files from server" - no/yes/"map files only"
-Paladin, thx Jump3r for account (I'm lazy to reg)
-
- Posts: 127
- Joined: Fri Aug 20, 2004 9:49 am
a map pk3 contains a bsp file.
Our servers now run on 64 bit steroids. Point your ET to:
- Forgotten Ground StopWatch Server with occasional wolfrof 1
- Fraggle Rock ETPub Server - Mix up ET/UT & Duke Nukem
- Forgotten Ground StopWatch Server with occasional wolfrof 1
- Fraggle Rock ETPub Server - Mix up ET/UT & Duke Nukem
except the point wasnt to stop hax pk3s, it was to not download unneeded crap except the map files, e.g. watermarks/skinsmortis wrote:Meaning that hacker admins would add a fake bsp file to their hax pk3s in all probability. Malicious server admins can usually find a convenient way to explout the download vulnerability, unless the check is obfuscated by looking for some highly improbable and not publicly known file types.
________
vaporite solo vaporizer
Last edited by Fusen on Fri Feb 04, 2011 12:00 pm, edited 1 time in total.
It would be great.. i just HATE all those lame paks.. suddently your loading screen is all different. sounds fucked up..flagas differetn.. and i havent seen a single one of those paks that i actually want to use.
dunno how it would be done.. but it could be sweet if you could avoid gettting all that crap in our etfolder.
dunno how it would be done.. but it could be sweet if you could avoid gettting all that crap in our etfolder.
Re: downloading stuff from server
There are more cvars that shouldn't be possible to force on clients imho (like b_watermarkalpha), though cl_allowdownload is the most important one.jump3r wrote: 1) About an hour ago I ran ET and joined some public server and to my surprise it started downloading, so I assume it had "forcecvar cl_allowdownload 1", if it is true then it shoudn't be allowed...
- mortis
- Posts: 360
- Joined: Tue Jul 06, 2004 11:57 pm
- Location: at the center of the e-universe
- Contact:
I think you misunderstand. I agree that it would be nice to exclude unnecessary pk3s. My point was that whatever criterion was needed (.bsp files, .arena files, .tga heightmaps or whatever) can still be abused by malicious admins if the criterions are obvious.Fusen wrote:except the point wasnt to stop hax pk3s, it was to not download unneeded crap except the map files, e.g. watermarks/skinsmortis wrote:Meaning that hacker admins would add a fake bsp file to their hax pk3s in all probability. Malicious server admins can usually find a convenient way to explout the download vulnerability, unless the check is obfuscated by looking for some highly improbable and not publicly known file types.
For example, a malicious admin bent on spreading zz_hax_of_the_week.pk3 would only have his fun spoiled until he included a blank .bsp file in the pk3 to override the download protection. The same is true for server watermark files, although I bet you could exlude pk3s that are identified as being the watermark by the server, although I don't think that this is true in the current etpro build.
I understood completely what you said, and yet you reiterate the point. Why talk about hax? we all know the server admin if wanted could give you dodgy files but the op isn't talking about hax, so it's VERY unlikely the server owner who is currently making you download watermarks will go out his way to make you download the watermark if checks are added.mortis wrote:I think you misunderstand. I agree that it would be nice to exclude unnecessary pk3s. My point was that whatever criterion was needed (.bsp files, .arena files, .tga heightmaps or whatever) can still be abused by malicious admins if the criterions are obvious.Fusen wrote:except the point wasnt to stop hax pk3s, it was to not download unneeded crap except the map files, e.g. watermarks/skinsmortis wrote:Meaning that hacker admins would add a fake bsp file to their hax pk3s in all probability. Malicious server admins can usually find a convenient way to explout the download vulnerability, unless the check is obfuscated by looking for some highly improbable and not publicly known file types.
For example, a malicious admin bent on spreading zz_hax_of_the_week.pk3 would only have his fun spoiled until he included a blank .bsp file in the pk3 to override the download protection. The same is true for server watermark files, although I bet you could exlude pk3s that are identified as being the watermark by the server, although I don't think that this is true in the current etpro build.
________
herbal vaporizer
Last edited by Fusen on Fri Feb 04, 2011 12:00 pm, edited 1 time in total.
- mortis
- Posts: 360
- Joined: Tue Jul 06, 2004 11:57 pm
- Location: at the center of the e-universe
- Contact:
You mean, unless they want to force you to see their watermark. No, your ordinary run of the mill server admin isn't going to do that. The big issue as I see it, would be some way to play on servers but only download map files, helping to reduce the security threat of mailicious pk3s and forcefed watermarks, stupid voicepacks, etc.
We can manually clean out etmain all we want, but average users have no way of knowing for sure what is a legitimate pk3 and what is superfluous...and the kind of files they really don't want on their system can still be forced to be there.
There are two advantages to selective downloads. One is to reduce/eliminate unnessary and unwanted HUD, voicepack, watermark, and whatever else downloads to pollute a clean install of Wolfy. the second advantage would be to reduce/prevent the unwanted transfer of unsafe pk3s using existing exploits of all-or-nothing pk3 downloads.
I'd love to join a server, have etpro identify the in-use map, download that map if necessary, and allow me to F2 or flat out decline all campaign packs, voice packs, watermarks, etc.. Security plus convenience.
We can manually clean out etmain all we want, but average users have no way of knowing for sure what is a legitimate pk3 and what is superfluous...and the kind of files they really don't want on their system can still be forced to be there.
There are two advantages to selective downloads. One is to reduce/eliminate unnessary and unwanted HUD, voicepack, watermark, and whatever else downloads to pollute a clean install of Wolfy. the second advantage would be to reduce/prevent the unwanted transfer of unsafe pk3s using existing exploits of all-or-nothing pk3 downloads.
I'd love to join a server, have etpro identify the in-use map, download that map if necessary, and allow me to F2 or flat out decline all campaign packs, voice packs, watermarks, etc.. Security plus convenience.