Hi, first off, big thanks to everybody involved in maintaining ioquake. You've done a great job!
On Tue, Sep 04, 2012 at 03:42:21PM +0200, Markus Koschany wrote: > In practice this would force players to download custom maps and even > new versions of base maps manually from more or less trustworthy servers. *nod*. I doubt it'll add much to security, as people will manually dl maps from possibly untrusted servers by-hand then. Also I think it must be almost a year that I last played on the line, custom maps (and mods) were still quite widespread. Of course I may be biased, since I prefer servers with the instagib mod ;). > Please consider a second alternative: > > * Automatic downloading is disabled on the first start thus OpenArena is > secure by default. > * You could also move the menu option for auto downloading to the > bottom and improve the description. "Warning: Enabling of auto > downloading *could* lead to security implications. Worst case: > Execution of arbitrary code. Please visit <link to the Debian Wiki> > and carefully read about the alternatives *before* you enable this option. > *nod*. Maybe there's another measure to mitigate against some effects of malicious downloads: Can access of ioquake3 (and games using it) be restricted somehow? (apparmor or selinux comes to my mind, but I must admit that I don't have much clue with that). Cheers, Stefan.
signature.asc
Description: Digital signature
