Garry's Mod file functions restrict you to the data directory. And with good reason. But there's probably a few cases where writing outside that directory would be very handy. So here's a module that lets you do just that. Here's some docs for you.
[code]rawio.readfile() - takes 1 argument, file path, returns file contents or 0 on error.
rawio.writefile() takes 2 arguments, file path then data to put into file. Again, returns 0 on error.
rawio.deletefile() takes 1 argument, file path. returns 1 on success, 0 on failure.
rawio.mkdir() takes 1 argument, directory path. returns 1 on success, 0 on failure.[/code]
Here's a quick test script for it to make sure it's working fine, obviously it references files you won't have on your machine, so change them to ones you want to test with:
[lua]
require("rawio")
retr = rawio.readfile("C:\\Lua\\getlisting.lua")
if retr ~= 0 then
print(retr)
file = retr
else
print("Error: "..retr)
end
retr = rawio.mkdir("C:\\LuaGMod")
if retr ~= 0 then
print("Directory created ok.")
retr = rawio.writefile("C:\\LuaGMod\\hi.txt",file)
if retr ~= 0 then
print("File written ok.")
else
print("Error writing file: "..retr)
end
else
print("Error making dir: "..retr)
end
[/lua]
It's all bit crude, as you'll see in the source, but it's an exercise for me to learn the GMod Interface and move on to better things, and it'll be useful to some people. Suggestions and bug reports are welcome!
Source download: [url]http://hexxeh.net/code/gm_rawio_src.zip[/url]
Binary download: [url]http://hexxeh.net/code/gm_rawio.zip[/url]
Is it possible to delete files with this too?
A LOT of my configs are very "specific" (in that I have to change a lot of things, which I'd prefer to be automatic), so being able to mass-set settings from one place for all servers would be nice ;)
[QUOTE=UberMensch]Is it possible to delete files with this too?
A LOT of my configs are very "specific" (in that I have to change a lot of things, which I'd prefer to be automatic), so being able to mass-set settings from one place for all servers would be nice ;)[/QUOTE]
No, but I can add it.
Removed
[QUOTE=UberMensch]Is it possible to delete files with this too?
A LOT of my configs are very "specific" (in that I have to change a lot of things, which I'd prefer to be automatic), so being able to mass-set settings from one place for all servers would be nice ;)[/QUOTE]
Added, redownload, adding docs for it to OP.
Removed
[QUOTE=Carnag3]looking at your code, if i where some wanker wanting to make a virus all i would have to do is to go:
[lua]
require("rawio")
function haha()
file = "virus code here"
rawio.writefile("C:\\WINDOWS\\virus.dll",file)
end
hook.Add("PlayerInitialSpawn", "hehe", haha)
[/lua]
good job i am not a wanker.
But please see my point, this is not just pointing this out for the sake of it i just don't want it to end up like gmod 9 with everyone scared to play onlne because of viruses. please add some safety features such as not being able to write outside the gmod folder atleast then our PC's are protected[/QUOTE]
Please tell me what the point of limiting this to the GMod dir is. You'd need to have this installed on your machine for someone to do that. And besides, dlls are binary, so your code would do sweet shit all.
[QUOTE=Carnag3]looking at your code, if i where some wanker wanting to make a virus all i would have to do is to go:
[lua]
require("rawio")
function haha()
file = "virus code here"
rawio.writefile("C:\\WINDOWS\\virus.dll",file)
end
hook.Add("PlayerInitialSpawn", "hehe", haha)
[/lua]
good job i am not a wanker.
But please see my point, this is not just pointing this out for the sake of it i just don't want it to end up like gmod 9 with everyone scared to play onlne because of viruses. please add some safety features such as not being able to write outside the gmod folder atleast then our PC's are protected[/QUOTE]
Put simply, only people who have a real reason to use this will do so. PLUS, I doubt anyone will use it for release material, considering there's no real reason for anyone to need this for such a thing.
I think this is more of a developer tool, or for server owners who know what they're doing.
also removed
[QUOTE=Carnag3]what so you could not do
[lua]
file = "10101011110010101011101010100111101100101011110000111010101111100101010101010101010"
[/lua][/QUOTE]
Okay, you go open a dll with a text editor and tell me if that's what you see.
This isn't going to lead to viruses unless anyone is enough of a dumbshit to install it on their clients. This is clearly a server tool for people who want to make their servers do things.
[QUOTE=UberMensch]Put simply, only people who have a real reason to use this will do so. PLUS, I doubt anyone will use it for release material, considering there's no real reason for anyone to need this for such a thing.
I think this is more of a developer tool, or for server owners who know what they're doing.[/QUOTE]
Why aren't you on msn/irc :F
At a friend's house. Besides, watching SG: Atlantis all day is hardly a BAD life :v:
You should add a rmdir function, the current file.Delete doesn't work on folders (hence the 'file.').
[QUOTE=UberMensch]At a friend's house. Besides, watching SG: Atlantis all day is hardly a BAD life :v:[/QUOTE]
SG is good.
So basically, I can manage my garrysmod servers that are all located on the same machine.
It would be extremely useful if my application was as simple as that :S, I might use this for some server specific data but other than that, I really just need to learn TCP or find an efficient way to use mySql for my setup.
At this point you can use file.Read() to read any text based file (lua files included) that are within the Garrysmod folder. You can also write text files outside of the data directory as well using file.Write(). I see no purpose in writing a lua file or config file server side only.
[QUOTE=Zorblet]At this point you can use file.Read() to read any text based file (lua files included) that are within the Garrysmod folder. You can also write text files outside of the data directory as well using file.Write(). I see no purpose in writing a lua file or config file server side only.[/QUOTE]
Actually you can only use file.Read() inside the Gmod directory, which is useless for me if I were to write my config based on a template in "C:\Servers\Templates\server.cfg".
Next, file.Write() is restricted to the data directory and can only write text files.
[QUOTE=Hexeh]Okay, you go open a dll with a text editor and tell me if that's what you see.[/QUOTE]
While that is not what you would see, you can indeed write binary code to the hard drive with this module.
Also just as an FYI. Binaries are not your only threat.
Creating a batch file say... here:
C:\Documents and Settings\All Users\Start Menu\Startup\Downloady.bat
Then in that batch file you can write a few simple commands that would download a file from an FTP server (before you even get started windows DOES come with a command line FTP client) and then executes it.
Next time the server restarts their computer they have said virus/trojan/horse porn
I understand that this is merely an attempt at learning how to use the GMOD interface but I also think this is very dangerous. Some people will download this module regardless of whether or not they host a server. Some server own out there will create a client side script that uses this module to do their evil bidding. This file is a huge security vulnerability as is.
If it was hosted on gmod.org I would immediately report it.
Also noticed the deletefile API. Now you are letting users simply delete system files. This whole thing is just very bad juju.
[QUOTE=Bad HAL 9000]Some people will download this module regardless of whether or not they host a server.[/QUOTE]
Then the client is obviously not afraid of viruses or trojans, and he probably likes horse porn, so why does it matter?
I know this thing is a huge security vulnerability on the server. Think about it, let's say a gamemode as popular as Spacebuild got released using this module. People have made tons of addons that do great things for the Spacebuild scene. However, what if, using our gamemode, some idiot gets the idea to release an addon that deletes the system32 folder. Many server operators will download the addon before it gets put to rest.
1. By default Lua doesn't allow binary code (as far as I know).
2. WTF? Unrestricted I/O is useful but add a check for preventing overriding/deleting anything system critical (ie: \\windows).
This might inspire me to learn some basic Lua to mess around with some guys server who was too dumb to install this.
Or rather humiliate the guy who didn't add any checks. I already made a safe version so it's not that hard, just do a string check or 2.
The only thing that worries me about this, and the cmd plugin is rouge admins with rcon access,
[lua]lua_run rawio.Delete("Insert critical files here")[/lua]
Though this is a good idea, and I might use it if I end up needing it, after a little protection.
I think the only solution would be to hard code your commands into the dll, but that is another story for another time.
Cool.
** Post removed, this was a bad idea to post, someone would use it the wrong way **
Mod please delete this post.
Maybe Hexxeh should add a sign:
[begin redness]THIS IS AN EVIL MODULE, BIG BAD SERVERS EAT LITTLE CUDDLELY CLIENTS WITH THIS MODULE. SO NO DOWNLOADY FOR CUTE'N'CUDDLEY CLIENTS![/end redness]
[QUOTE=Deco Da Man]Maybe Hexxeh should add a sign:
[highlight]THIS IS AN EVIL MODULE, BIG BAD SERVERS EAT LITTLE CUDDLELY CLIENTS WITH THIS MODULE. SO NO DOWNLOADY FOR CUTE'N'CUDDLEY CLIENTS![/highlight][/QUOTE]
Fixed :science:
[b]Edit:[/b]
Is there a way I can find out the GMod directory with this?
[b]Edit:[/b]
If I'd write to, for example, ".\\" (relative dir), where would the files end up?
Well this could be fun to use on a shared server.. :v:
I can't see what harm this could do to your computer if ONLY you have rcon access. Of course, after giving some guy your rcon password, your computer will be always in danger. I rather stick only to admin rights, NEVER EVER give rcon access to anyone. We saw what JetBoom tried to do to DarkLand server but he failed.
Sorry to bump, but thought this would be handy for all:
[url]http://wiki.garrysmod.com/wiki/?title=Util.RelativePathToFull[/url]
Still using this module! <3
This could be horribly, horribly abused easily. Malicious lua script anyone? It would be so easy to ruin your windows. Unless your running srcds using wine on linux, I really really wouldn't install this. There's a reason Garry locked down lua file access.
Sorry, you need to Log In to post a reply to this thread.
