Leo(T.C.K.)
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Thu Sep 9 21:46:21 UTC 2010
FOD
Joined: Wed May 27 18:50:31 UTC 2009 Posts: 112

Well I need administrator account, besides it used to be standard in older Windows either.
And this won't protect you against rebinding keys, even if at startup it will be changed back, they can rebind your keys or even set your paths outside Unreal, as it was warned about, but this fix is not for that.
That is a stupid solution really and I doubt it would actually protect fully against this "new" exploit anyway.
This exploit allows writing new files, not tampering with existing files.
I have had a hard time making this and nobody appreciates this, only people who understand really. I would want this fix to be hosted by major Unreal sites as well.
And I won't go to guest account, I got it disabled anyway and I won't create new account just for playing games, I am not a mere user anyway. This is exactly why computer users intelligence is going down the drain lately.
EDIT: And TBH Wolf, I doubt your experience, if you remember 4 years back, I actually managed using listen server to "steal" in a bug crash your entire user.ini settings and then you thought I stole your ID or something, lol.
I never used it for wrong purpose though and I immediately erased your config from my file if you remember... but it was a glitch in your own uteamfix back then nonetheless.

TomKatRebel-(DOG)-
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Thu Sep 9 23:33:16 UTC 2010
site admin
Joined: Sun Jul 11 18:12:25 UTC 2004 Posts: 67

Leo(T.C.K.) wrote: This is exactly why computer users intelligence is going down the drain lately.
I am really starting to question your intelligence lately Leo, you are starting to talk a load of rubbish. Wolf didn't say use the guest account, this account is generally disabled as default.
What both he and I were saying is if you run under a limited user account, you don't have access to important system files, therefore, your so-called 'exploit' doesn't have access to them either - there-go no fix required!
Everybody requires an administrator account to make important system changes, however this day and age no-one should be running on it on a day to day basis, and if you are still using your Administration account as your main login instead of a limited user account then you really do deserve to get exploited.

Leo(T.C.K.)
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Thu Sep 9 23:56:10 UTC 2010
FOD
Joined: Wed May 27 18:50:31 UTC 2009 Posts: 112

Listen, I have my own reasons to talk the way I am talking, I've been through a lot of crap lately and I don't like when my work is being put down for nothing or outright ignored. Get it? I was fixing a very dangerous exploit that in fact is gonna be abused and by one of the 227 team members! There you go, I said it...and no it's not the end of it, not at all. Do not dare to even delete this part, I am doing this for a reason and I have a good reason to...
Besides he mentioned the guest account after all. But the limited user thing has own security risks as well and it won't protect you from these exploits, not at all....for god's sake you don't even know what you are talking about. Using limited things is not good at all, you don't even know what's going on with your system that way.
Quote: Everybody requires an administrator account to make important system changes, however this day and age no-one should be running on it on a day to day basis, and if you are still using your Administration account as your main login instead of a limited user account then you really do deserve to get exploited.
Oh that's nice really. You know, I am not a mere user, I often change files on daily basis everywhere etc, so I changed my privileges, but I am careful about security as well and your remark to deserve being exploited is uncalled for.
EDIT: Snipped out last part of the message anyway, explaining this stuff in more detail, but someone can take it wrongly so...instead I changed the first part to reflect the last one.
Last edited by Leo(T.C.K.) on Thu Sep 9 23:58:46 UTC 2010, edited 1 time in total.

zeurkous
Post subject: RE: Unreal 226b-f security fixed engine.u file Posted: Thu Sep 9 23:57:35 UTC 2010
FOD
Joined: Thu Sep 9 22:05:15 UTC 2010 Posts: 8 Location: Kampen, Overijssel, Netherlands

wever.nl-(DOG)- wrote: [...] Lol...i wonder how u all would pronounce 'zeurkous'.
Just 'zeurkous'. How else?
Friggin' Machines!

TomKatRebel-(DOG)-
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:12:53 UTC 2010
site admin
Joined: Sun Jul 11 18:12:25 UTC 2004 Posts: 67

Leo(T.C.K.) wrote: Listen, I have my own reasons to talk the way I am talking, I've been through a lot of crap lately and I don't like when my work is being put down for nothing or outright ignored. Get it? I was fixing a very dangerous exploit that in fact is gonna be abused and by one of the 227 team members! There you go, I said it...and no it's not the end of it, not at all. Do not dare to even delete this part, I am doing this for a reason and I have a good reason to...
Firstly, it is becoming very apparent that a lot of the c**p you are going through you are actually bringing on yourself.
Secondly, you have already been warned about using this forum to make slanderous comments about OldUnreal and the 227 team. This forum is for the -(DOG)- Clan, who wish for no more flaming between us and them. Further outbursts will result in your account here being suspended.
If you wish to continue your one man war with them, go do it elsewhere.

Leo(T.C.K.)
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:17:04 UTC 2010
FOD
Joined: Wed May 27 18:50:31 UTC 2009 Posts: 112

It is no slander! It is a fact! Go ahead, if that's what you are looking for.
I am going to make the facts go public anyway, because I am not a liar and you go and believe your fairytales.
EDIT: One man war? So you all think that the argument between NP and OU was brought by me originally? Newsflash: No it wasn't, it was brought by pitbull alone and I had nothing to do with it. But I won't let myself to be silenced and killed somewhere in a corner, no that's not fair at all. I can and will defend myself.
Last edited by Leo(T.C.K.) on Fri Sep 10 00:31:57 UTC 2010, edited 3 times in total.

zeurkous
Post subject: RE: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:19:33 UTC 2010
FOD
Joined: Thu Sep 9 22:05:15 UTC 2010 Posts: 8 Location: Kampen, Overijssel, Netherlands

}TCP{Wolf wrote: There is an alternate way to fix all your "client side exploits which may overwrite files". It is also quite a simple one I have started to use on ALL my applications I use on the internet, such as browsers, or other games I play online.
That doesn't fix the exploit itself. And depending on the exact system (environment) you run Unreal in, you might be able to do a great deal of damage.
Quote: Just run the game as normal user, or guest.
You think I'd allow X, which is insecure enough by itself, access to guests and/or random lusers?
Quote: By default (at least up to XP to my knowledge), users in the normal user group and guests have no permission to modify existing files, except in their own Documents folder and files elsewhere which they created/own. As a result, by playing Unreal as a guest/normal user you automatically gain immunity to all mods trying to tamper with your EXISTING files, while map downloads are still possible - provided the game was originally installed under an admin account, of course. This also makes your user.ini / unreal.ini appear as "write protected" so all changes done to it during the game will be forgotten upon exit. Downloaded files are put into your cache as normal, you might just notice the file owner of those files in your cache is then your non-admin account, of course.
Ah, but not everyone runs windoze. Besides, you'd have to have superluser access to the machine, create an account, make the profile effectively read-only -- which is, afaik, plain impossible w/ windoze --, and generally be paranoid about running a program which I hold dear.
I never install monolithic games as the superluser. Always under me own account. If I then feel the need to "install" something globally, it goes into /data/games, owned, not-so-coincidentally, by luser games.
You'd have to separate all writable parts, destroy and regenerate them on every invocation. Okay, you can write a script to do that, but can you honestly expect the average luser to undertake such an effort in these dark times?
Quote: This solution requires you using NTFS and at least 2 user accounts, knowing how to "Run As..." while logged in as someone else helps too.
Nah, ffs works just fine, as does any UNIX file system (although ext? sh1t is async, no matter what mount options you specify; it's hence prone to -- more or less silent -- data corruption).
Quote: It works with -ALL- applications there will ever be, except maybe such which may absolutely refuse to run inside non-admin accounts
Sure. Just keep dreaming on :^) Windoze lusers can be so pathetic.
Quote: (but if a game refuses to run as non-admin I would find that highly suspicious).
That's the one thing in your post that I'm able to agree with.
Quote: It requires no installation of any additional or modified files.
Not in Unreal, no. But it's a half-assed workaround -- not a solution! -- that _does_ require quite a bit of work on the rest of the system. Including the installation of "additional or modified" files.
Quote: For some games it may be advantageous to actually allow the non-admin to modify ini files such as your user.ini or the cache.ini - but you will have to decide that yourself and modify permissions on a case by case basis individually.
I just keep a dedicated ~/games/Unreal/ tree and symlink all the content in from the relevant dir on /data/games/.
Quote: Hints: If you are unsure if you created and configured your non-admin user account correctly, start NOTEPAD (or any other text editor) as non-admin, and try to edit your Unreal.ini. If that is allowed (by default), you made a mistake somewhere. As a second test, see if you can CREATE a file (as non-admin) inside Unreal and edit that! This should be allowed so map downloads function properly.
Code:
% NOTEPAD
zsh: command not found: NOTEPAD
%
Quote: If you implement this solution properly, it would still be possible to clutter up your harddrive with garbage files theoretically, but all your existing files are perfectly protected - except the 2 or 3 ini files you allowed to be modified, perhaps, but you can backup those.
My "harddrive" -- I think you made a little tyop there -- doesn't contain the ~/games/ tree. That's all on the file server. Besides, I always create filesystems for all of the avail space when adding disks (except usually some initial slab of, say, 512M, for use in emergencies). So it's a bit difficult to fill up any "harddrives" that way :^)
Well, uhm, now I've answered a long, battered list of cli^W^W^W^W^Wall that -- what was your actual point?
Friggin' Machines!
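
The state both posters argue about above (existing game files locked, only the download cache accepting new files) can be checked by mode bits on a UNIX tree. This is an added example, not code from the thread; the directory names System/, Maps/ and Cache/ and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (for illustration):
#   $root/System/*.ini, $root/Maps/, $root/Cache/
# Only mode bits are inspected; ACLs and root's override are out of scope.

# List files and directories outside Cache/ that carry any write bit.
# A writable directory counts: read-only files in it can still be replaced.
writable_outside_cache() {
    find "$1" -path "$1/Cache" -prune -o \( -type f -o -type d \) \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Succeed when Cache/ exists and its owner may create files in it (w+x).
cache_accepts_new_files() {
    [ -d "$1/Cache" ] && [ -n "$(find "$1/Cache" -prune -perm -300 -print)" ]
}

# Return 0 only if existing content is locked and Cache/ takes new files.
audit_tree() {
    status=0
    bad=$(writable_outside_cache "$1")
    if [ -n "$bad" ]; then
        printf 'writable outside Cache/:\n%s\n' "$bad"
        status=1
    fi
    if ! cache_accepts_new_files "$1"; then
        printf 'Cache/ missing or not writable: %s/Cache\n' "$1"
        status=1
    fi
    return "$status"
}

# Build a constructed sample tree in the locked state and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/System" "$t/Maps" "$t/Cache"
    printf '[Engine.Input]\n' > "$t/System/User.ini"
    printf 'constructed map data\n' > "$t/Maps/Sample.unr"
    chmod 444 "$t/System/User.ini" "$t/Maps/Sample.unr"
    chmod 755 "$t/Cache"
    chmod 555 "$t/System" "$t/Maps" "$t"
    printf '%s\n' "$t"
}

demo=$(make_sample_tree)
audit_tree "$demo" && echo "locked tree: pass"
chmod 644 "$demo/System/User.ini"    # simulate an ini left writable
audit_tree "$demo" || echo "writable ini: reported"
chmod -R u+w "$demo" && rm -rf "$demo"
```

Because the check reads mode bits rather than probing access, it gives the same answer when run as root, which would otherwise pass every write test.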

W3RM(Woof)
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:28:42 UTC 2010
-(DOG)-
Joined: Mon Aug 18 19:55:08 UTC 2008 Posts: 254

Let's just stop the discussion here, Leo brought us something that can protect us and we should be thankful for this. Also, running a non-admin account is not an option for some, me included.
http://w3rm.webs.com/

Leo(T.C.K.)
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:32:31 UTC 2010
FOD
Joined: Wed May 27 18:50:31 UTC 2009 Posts: 112

W3RM(Woof) wrote: Let's just stop the discussion here, Leo brought us something that can protect us and we should be thankful for this. Also, running a non-admin account is not an option for some, me included.
Thank you...

zeurkous
Post subject: RE: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:40:09 UTC 2010
FOD
Joined: Thu Sep 9 22:05:15 UTC 2010 Posts: 8 Location: Kampen, Overijssel, Netherlands

TomKatRebel-(DOG)- wrote: Sound advice Wolf.
Don't mind if I don't quite agree on that one :')
Quote: I have always run my Windows in this way.
_Your_ windoze? Last time I looked it was owned by Microsoft Corporation -- has that changed recently?
Quote: The administrator account is abused by so many PC owners that either do not know the risks of running internet enabled applications under an administrators account, or simply can't be bothered to switch to an administrator account to change a system setting such as a firewall.
I've seldom read that much buzzwords in a "technical" post.
Quote: Unreal does run well like this, and as stated the ini files are write protected,
Not on FAT. There, they are read-only. Subtle diff.
Quote: but this in my opinion is not a bad thing.
Nah, I always remove write permission too. Since Unreal runs through wine -- well, at the moment it doesn't, damn those open source weenies who develop it -- in my case -- coupled with the fact that even _I_ have to explicitly give me back write access using chmod(2) --, Unreal never gets to write to them. That provides a bit of a security layer that's sorely lacking on windoze.
But that's not the right way to do things. Programs themselves, including Unreal, are expected to be reasonably secure on a UNIX system (on a windoze system, on the other hand, programs are expected to be unreasonably unsecure), to the point that you should be able to run them as a normal luser without Bad Things happening.
Then again, I'm the UNIX weenie. Perhaps technical "correctness" is a bit difficult for you windoze guys to maintain.
Quote: Once set right the ini files shouldn't need to be written to anyway. Some of Microsoft's games won't run under a limited user account though, but with Microsoft's lapse ideas on security this really doesn't surprise me much.
Well, that inspires me to say that the two principal applications on windoze, Solitaire and Minesweeper, are reasonably secure and don't generally feel the need to mangle sensitive config files.
Quote: Those of you that do still log into your computers under an Administrator account on a daily basis, I suggest you think carefully about the advice given by Wolf and start protecting yourselves.
How can you keep an eye on the system without frequent superluser access? I don't expect you to be victim to the same top(1) obsession as I am, but use the right account for the right thing. To inspect and maintain the system, log in as the superluser. If you don't need to do that, well, I suggest you use your own account (if that's not root <g>).
Quote: Remember: an Administration account is for just that - administration, nothing else!
Uhm, on UNIX it's also used to run a host of critical daemons, and less-critical programs through use of the much-maligned setuid(7) mechanism. In general: get a clue. Really.
edit: fix quoting
Friggin' Machines!

zeurkous
Post subject: RE: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:46:32 UTC 2010
FOD
Joined: Thu Sep 9 22:05:15 UTC 2010 Posts: 8 Location: Kampen, Overijssel, Netherlands

Leo(T.C.K.) wrote: This exploit allows writing new files, not tampering with existing files.
It might be able to replace existing files outright. I haven't tried.
Quote: I have had hard time making this
Yeah I'd say! I wrote the code :^)
Friggin' Machines!

TomKatRebel-(DOG)-
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:51:26 UTC 2010
site admin
Joined: Sun Jul 11 18:12:25 UTC 2004 Posts: 67

Leo(T.C.K.) wrote: I am going to make the facts go public anyway, because I am not a liar and you go and believe your fairytales. EDIT: One man war? So you all think that the argument between NP and OU was brought by me originally? Newsflash: No it wasn't, it was brought by pitbull alone and I had nothing to do with it. But I won't let myself to be silenced and killed somewhere in a corner, no that's not fair at all. I can and will defend myself.
Not on this forum you're not, there are hundreds of pathetic forums worldwide whose only existence is to slate people, go use one of those. And yes the last incident with OldUnreal was invoked by your slander. Had you not made the comments you made on this forum, Pitbull would have had no reason to respond.

zeurkous
Post subject: RE: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 00:56:40 UTC 2010
FOD
Joined: Thu Sep 9 22:05:15 UTC 2010 Posts: 8 Location: Kampen, Overijssel, Netherlands

TomKatRebel-(DOG)- wrote: Leo(T.C.K.) wrote: This is exactly why computer users intelligence is going down the drain lately. I am really starting to question your intelligence lately Leo, you are starting to talk a load of rubbish. Wolf didn't say use the guest account, this account is generally disabled as default.
I think you mean 'by default', or 'as {a,the} default' [1]. Besides, you seem to be violating the policy which you agreed to and I didn't -- by virtue of cloning the form and switching the button texts -- by calling Leo_TCK's talk 'a load of rubbish'. Go wash your mouth with soap.
Quote: What both he and I were saying is if you run under a limited user account, you don't have access to important system files, therefore, your so-called 'exploit' doesn't have access to them either - there-go no fix required!
Yeah, sure, you'll want to install every sh1tpiece of software globally just to "protect" your own account. And define 'system' for me, will you? Methinks we have a little impedance mismatch on that one...
Quote: Everybody requires an administrator account to make important system changes,
_What_? Give _everyone_ an administrative account?
Quote: however this day and age no-one should be running on it on a day to day basis,
Nah, every bit of maintenance and improvement to the system can wait two weeks a time! Pfft.
Quote: and if you are still using your Administration account as your main login instead of a limited user account then you really do deserve to get exploited.
Define 'my main login'. I mean, I always log into the console as 'root' -- that's where it's for! I also run top(1) on it, should you happen to wonder.
[1] Yes, I'm sure I have my Grammar Police badge somewhere...
Friggin' Machines!

Leo(T.C.K.)
Post subject: Re: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 01:00:39 UTC 2010
FOD
Joined: Wed May 27 18:50:31 UTC 2009 Posts: 112

TomKatRebel-(DOG)- wrote: Leo(T.C.K.) wrote: I am going to make the facts go public anyway, because I am not a liar and you go and believe your fairytales. EDIT: One man war? So you all think that the argument between NP and OU was brought by me originally? Newsflash: No it wasn't, it was brought by pitbull alone and I had nothing to do with it. But I won't let myself to be silenced and killed somewhere in a corner, no that's not fair at all. I can and will defend myself. Not on this forum you're not, there are hundreds of pathetic forums worldwide whose only existence is to slate people, go use one of those. And yes the last incident with OldUnreal was invoked by your slander. Had you not made the comments you made on this forum, Pitbull would have had no reason to respond.
Nope that's not true at all, I just said that he has accused me of posting ***** on this forum recently, which I said was totally false because my thread was year old at best, get it? And no it didn't lead to that, keep telling that to yourself....
Besides I am dealing with something much more serious than this and pitbull has gone over the top and harassed and abused ME while I was playing on other server and even "attempted" to blackmail me and other things. And right after he did that he went here and got himself banned, that's the proper chain of events right there. Besides I didn't tell about it to anyone, not before he went posting in that thread and got himself banned..and I didn't post it here either.
Last edited by Leo(T.C.K.) on Fri Sep 10 01:08:33 UTC 2010, edited 1 time in total.

zeurkous
Post subject: RE: Unreal 226b-f security fixed engine.u file Posted: Fri Sep 10 01:05:33 UTC 2010
FOD
Joined: Thu Sep 9 22:05:15 UTC 2010 Posts: 8 Location: Kampen, Overijssel, Netherlands

TomKatRebel-(DOG)- wrote: Leo(T.C.K.) wrote: [snippity] Firstly, it is becoming very apparent that a lot of the c**p you are going through you are actually bringing on yourself.
Yeah, by getting sick of silly primate behavior. That's a sure way to become... unpopular.
Quote: Secondly, you have already been warned about using this forum to make slanderous comments about OldUnreal and the 227 team. This forum is for the -(DOG)- Clan, who wish for no more flaming between us and them.
Then why call your WWW site "NEWBIESPLAYGROUND"[sic]? Or are you implying that you can't grow beyond that collective status?
Quote: Further outbursts will result in your account here being suspended.
Slanderous! Welcome to the internets, Mr. TomKatRebel! Where no analogy with the IRL human social hierarchy is left unused by n00bs.
Quote: If you wish to continue your one man war with them, go do it elsewhere.
You mean in a place that isn't subject to censorship? To this enforcement of primate social rules that don't make a damn of a sense at all?
Are you a dog -- or are you a silly primate pretending to be one?
Friggin' Machines!