Administrator Priviliges

[Cirdan]

Hi!

ARE YOU NUTS?? Forcing users to running a game as Administrator is a HUGE security hole. Additionally many can not play it on machines where they dont have those priviliges in the first place, me included. So PLEASE, remove the enfocing entry from the manifest ASAP.

THX

[smoth]

hi, what are you on about now?

You can run spring in a directory on your desktop if need be.

[imbaczek]

smoth: the problem is the manifest file. you can edit it yourself with a good text editor, just open up the exe and search for manifest.

it was done to not confuse newbies when their spring doesn't work for non-obvious reasons.

[Regret]

running a game as Administrator is a HUGE security hole

Why?

[Felix the Cat]

running a game as Administrator is a HUGE security hole

Why?

Because Tobi is secretly an al-Qaeda operative who's building up a massive undercover botnet to wage a massive DOS attack on the US government.

Duh.

[Cirdan]

running a game as Administrator is a HUGE security hole

Why?

You seriously don't know??? Because the lobby open many inseure connections over the network, and i bet the lobby was not testet much against bufferoverflows and whatsoever.

running a game as Administrator is a HUGE security hole

Why?

Because Tobi is secretly an al-Qaeda operative who's building up a massive undercover botnet to wage a massive DOS attack on the US government.

Duh.

It has nothing to do with Tobi.....

hi, what are you on about now?

You can run spring in a directory on your desktop if need be.

No, i can't . And thats what i'm all about. It always wants to run as Administrator.

I removed the manifest with VisualStudio, so i'm clear. But all other gamers are still exposed. And PLEASE don't make the mistake of saying there is no risk!

[Regret]

You seriously don't know??? Because the lobby open many inseure connections over the network, and i bet the lobby was not testet much against bufferoverflows and whatsoever.

What are you talking about?

[smoth]

Well then, have you considered offering a solution? Spring is open source. Springlobby has a svn I believe so you should be able to help them patch it up. I don't know where the tasclient source is if it is even released

[BrainDamage]

iirc tasclient forces administrator priviledges so it can auto update itself when put into program files folder

SpringLobby nor any other spring related program does afaik ( even tho archive mover should probably )

[smoth]

I am still dumbstruck by the program files bit. I do no understand the decision.

[Felix the Cat]

I am still dumbstruck by the program files bit. I do no understand the decision.

I'm dumbstruck by MS's decision to hard-code Program Files as a special restricted-access folder.

...or is that what you're dumbstruck about?

[smoth]

I am not here to bash any operating system I have no idea why they chose to set spring to install in program files rather than elsewhere.

[imbaczek]

simple - because that's where programs should install themselves. what needs fixing is using better data directories when the current defaults (ie. spring install dir) aren't available, e.g. because of privileges.

[MidKnight]

Program files is fine, except when you're using Vista.


the you have to constantly reset permissions so that SD/SVN/AM work, and give all ur lobby apps admin rights

On linux, however everything is fine, EXCEPT FOR THE USER-SPECIFIC MOD/MAP DIRS, which made me have to download 3 copies of each mod i get

[SpliFF]

Cirdan, if you care about security then why are you running Vista?

Ooohh, that felt good.

[Spawn_Retard]

Is There no way to turn that bullshit off, and have it go back to xp settings :D

[MidKnight]

Is There no way to turn that bullshit off, and have it go back to xp settings :D

there is, but if you do it, then it immediately auto-installs every form of spyware imaginable onto your system

[Satirik]

running a game as Administrator is a HUGE security hole

Why?

You seriously don't know??? Because the lobby open many inseure connections over the network, and i bet the lobby was not testet much against bufferoverflows and whatsoever.

many insecure connections over the network ... wtf are you talking about ? it's just opening one connection to the server and http ones to ladder and updates

but go ahead test it with "bufferoverflows and whatsoever" and don't forget to tell us when you'll hack the internet

[Forboding Angel]

Is There no way to turn that bullshit off, and have it go back to xp settings :D

there is, but if you do it, then it immediately auto-installs every form of spyware imaginable onto your system

Bullshit. Learn what you are talking about. XP as admin is more vulnerable. Disabling UAC is essentially the same as using unsecured XP Pro as admin.

If you are having spyware troubles after disabling UAC, try Firefox, nub.

[Licho]

Just patch OS when you can, dont run suspicious things or use stupid browsers..

* 11 years online without firewall and antivirus and no internet related security incident

Oh and on vista its stupid .. SD needs admin rights to save maps (because they are in program files) and tasclient needs admin rights to start SD :)