NEWBIESPLAYGROUND

This is an update of engine.u for 226b and 226f clients/servers, because of a dangerous exploit that hasn't been fixed as of yet.

225 clients and servers should wait for own version, which will be made eventually...

For maximum security on Unreal servers, we (zeurkous and me) recommend you to set all system files to read only, beacuse there is an older exploit with writing a LOG file through abusive admins forcing open command with for example "LOG=core.dll", using mods which allow admins to take over player and force any console command on him...or perhaps contact Smartball, because he has made some fixes against these exploits...

AFAIK that older exploit can be only fixed natively, the way that command works and is fixed in oldunreal 227 patch only so far.

Engine.u-v226zeur2.tar.bz2

One small note: It seems Zora already included some client side protection for the log writing in nephthys already....I didn't know about that, as I told her today request if she could add some proposed change by me and zeurkous.

The problem is nephthys is inompatible with mcoop2, at least versions 1.4 and higher, the mcoop needs to be updated now I guess, or nephthys conformed to it or something.

engine.u got me banned for one map on sickpups and disabled the quit button.
:(((

What do you mean? I tried using it on KOTH server and I didn't get kicked off.....you should report that to admins I guess, but I tested it both with 226f and Unreal Gold 226b.

What with quit button?

Ah, really don't know what happened, Unreal kind of messed up, the quit button in ugold menu got disabled and connect to server menu item changed language :) I couldn't exit the game with alt+F4, had to go in task manager to do so. Did a computer reset but still the same.
no problem whatsoever, I had a 227 backed up :) I will ask to see what has been logged regarding my temp ban, I'll let you know asap.
BBG

That's strange...I am using the fixed engine.u on unrealgold right now and hasn't been kicked out and no quit button problems, but I use normal localization...

Are you sure you didn't apply the file to 227?

Or perhaps confused other engine.u or somehting...I dunno

Hi :)

Is it possible that this problem is language related? For example, my Unreal uses another engine file instead of engine.u. For me it is engine.det
I mean, if you install the game for your native language, Unreal uses certain special files instead of the original english ones. Well, just an idea I had :)

That's just localization, it is same as int, just text in the specific language...

Shouldn't have effect on this.

I could be mistaken here Kami, but I think engine.det is the equivalent of our engine.int, not engine.u. I believe that is global.

:oops: OOOPPPSSS :oops:

yup, you are right. I still was a little sleepy and didn't notice the file size :lol: :lol: :lol:

:D

I made one for 225 several days ago, although the proper release will get delayed. It is both for 225 server or client, but well...it is compatible with all official versions, but it isn't compatible with 227, beacsue I would have needed to conform it with those versions and I could break something.

Also I understand why Zora didn't make Nephthys for 227, the amount of work is simply tremendous and not worth it at all.

So....people should really have separate Unreal installs, one for 227 and another one for normal, or use shared tree using ini with different paths.
It is not my or Zora's fault, blame someone else...perhaps if the 227 team didn't have mind stuck in the mud...

But I had to make this for proper security.

If you want the 225 fixed engine.u against this very dangerous exploit, pm me...it will take a week for proper release with readme, I wanted zeurkous to write that, but he is busy atm, also I did the hex editing myself this time, just to be sure.

Lol...i wonder how u all would pronounce 'zeurkous'.

There is an alternate way to fix all your "client side exploits which may overwrite files". It is also quite a simple one I have started to use on ALL my applications I use on the internet, such as browsers, or other games I play online.

Just run the game as normal user, or guest.

By default (at least up to XP to my knowledge), users in the normal user group and guests have no permission to modify existing files, except in their own Documents folder and files elsewhere which they created/own. As a result, by playing Unreal as a guest/normal user you automatically gain immunity to all mods trying to tamper with your EXISTING files, while map downloads are still possible - provided the game was originally installed under an admin account, of course. This also makes your user.ini / unreal.ini appear as "write protected" so all changes done to it during the game while be forgotten upon exit. Downloaded files are put into your cache as normal, you might just notice the file owner of those files in your cache is then your non-admin account, of course.

This solution requires you using NTFS and at least 2 user accounts, knowing how to "Run As..." while logged in as someone else helps too.

It works with -ALL- applications there will ever be, except maybe such which may absolutely refuse to run inside non-admin accounts (but if a game refuses to run as non-admin I would find that highly suspicious).

It requires no installation of any additional or modified files.

For some games it may be advantageous to actually allow the non-admin to modify ini files such as your user.ini or the cache.ini - but you will have to decide that yourself and modify permissions on a case by case basis individually.


Hints
If you are unsure if you created and configured your non-admin user account correctly, start NOTEPAD (or any other text editor) as non-admin, and try to edit your Unreal.ini. If that is allowed (by default), you made a mistake somewhere. As a second test, see if you can CREATE a file (as non-admin) inside Unreal and edit that! This should be allowed so map downloads function properly.

If you implement this solution properly, it would still be possible to clutter up your harddrive with garbage files theoretically, but all your existing files are perfectly protected - except the 2 or 3 ini files you allowed to be modified, perhaps, but you can backup those.

Sound advice Wolf.

I have always run my Windows in this way. The administrator account is abused by so many PC owners that either do not know the risks of running internet enabled applications under an administrators account, or simply can't be bothered to switch to an administrator account to change a system setting such as a firewall.

Unreal does run well like this, and as stated the ini files are write protected, but this in my opinion is not a bad thing. Once set right the ini files shouldn't need to be written to anyway. Some of Microsoft's games won't run under a limited user account though, but with Microsoft's lapse ideas on security this really doesn't surprise me much.

Those of you that do still log into your computers under an Administrator account on a daily basis, I suggest you think carefully about the advice given by Wolf and start protecting yourselves.

Remember: an Administration account is for just that - administration, nothing else!