A few commands/ConVars that should be fixed or removed
I posted this on GetSatisfaction ([url]http://getsatisfaction.com/facepunch/topics/a_few_commands_convars_that_should_be_fixed_or_removed[/url]), but seeing as that didn't (and probably won't any time soon) get Garry's attention, I'll post it here too.
[quote]1. 'sv_lua_datafolder' - (Serverside) Can be used to read/write files outside of the Garry's Mod directory. Raises security issues for rented servers. (Users can read anything on the server, and write to any location)
2. 'record/screenshot/jpeg' - None of these commands are limited to the Garry's Mod directory, so files can be written (however the extension is limited) to the root using '../' the correct amount of times - or just '/' for record.
3. 'demo_recordcommands' - This ConVar allows demo files to record the commands run during recording so that they can be executed on playback. Servers can send demo files to clients via resource.AddFile (The extension may need to be changed from .dem, untested), then send a usermessage telling them to execute playdemo [filename.extension], leading to the client executing the recorded commands with no restrictions. (Client is vulnerable to keys being rebound)
4. 'vprof_record_(start/stop)/con_logfile' - These commands have been removed on the client, however not on the server. This is another problem for rented servers because it allows users to create files anywhere on the box, and also allows any file to be overwritten/appended to.[/quote]
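Items 1, 2 and 4 above are all the same defect: a file path taken from the user is never confined to the game directory, so '../' sequences or an absolute path land the write anywhere on the box. The check below is an added example of the confinement a server or engine should apply before opening such a path; it is not code from Garry's Mod, the Source engine, or this thread. The base directory, the sample requests and the allowed-extension list are constructed for the example.

```python
import os
from typing import Optional, Tuple

# Constructed base directory for the example: the only tree a user-supplied
# path is ever allowed to resolve into. It does not need to exist on disk.
BASE_DIR = "/srv/gmod/garrysmod/data"

# Constructed allow-list standing in for the extension limit the post mentions
# for record/screenshot/jpeg.
ALLOWED_EXTENSIONS = {".txt", ".dat"}


def resolve_within_base(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical absolute path for `requested` if and only if it
    stays inside `base_dir`; return None otherwise.

    realpath() collapses '..' segments and follows symlinks, so the check is
    made on where the path really ends up, not on the string the user sent.
    os.path.join() discards `base_dir` when `requested` is absolute, which is
    exactly why '/etc/passwd' resolves outside the base and is rejected.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath works on whole path components, so '/srv/gmod/garrysmod/data2'
    # is correctly treated as outside '/srv/gmod/garrysmod/data'.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def check_write_request(base_dir: str, requested: str,
                        allowed_exts=ALLOWED_EXTENSIONS) -> Tuple[bool, str]:
    """Decide whether a user-supplied output path may be opened for writing.

    Returns (True, resolved_path) on success, or (False, reason) when the
    request escapes the base directory or carries a disallowed extension.
    """
    resolved = resolve_within_base(base_dir, requested)
    if resolved is None:
        return False, "path escapes base directory"
    ext = os.path.splitext(resolved)[1].lower()
    if ext not in allowed_exts:
        return False, "extension not allowed"
    return True, resolved


if __name__ == "__main__":
    # Constructed requests covering a normal write, '../' traversal, an
    # absolute path, a traversal hidden behind a legitimate prefix, and a
    # disallowed extension.
    samples = [
        "saves/level1.txt",
        "../../../../etc/passwd",
        "/etc/passwd",
        "saves/../../cfg/server.cfg",
        "saves/level1.exe",
    ]
    for req in samples:
        ok, detail = check_write_request(BASE_DIR, req)
        print(f"{'ALLOW' if ok else 'DENY ':5} {req!r}: {detail}")
```

The containment check must run on the canonicalised path, not on the raw string: rejecting requests that merely contain '..' would still let 'saves/../../cfg/server.cfg' through a naive prefix test and would wrongly block harmless forms such as 'saves/../other.txt'.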
[QUOTE=Benlecyborg;17430766]You should have PM'ed these to Garry. People will know how to use them now that you posted them.[/QUOTE]
It's Matt Wild. What do you expect he would do ^_^
[QUOTE=Benlecyborg;17430766]You should have PM'ed these to Garry. People will know how to use them now that you posted them.[/QUOTE]
At least they will get patched faster this way.