C Disc Exploit - Garry's Mod

Just a heads up to you guys. There is currently an exploit in Garrysmod which allows server owners to access, view and copy text files from their clients C Disk. So if you have any custom gamemodes, passwords or any sensitive information saved in text files I suggest you .rar them to prevent anybody using the exploit on you. Very few people know about it, but as usual, it will probably be leaked so until Garry gets round to fixing it I advise you to be cautious. Thanks.

Are you sure it's not just using gm_rawio.dll?

On their entire hard drive or just the garrysmod folder? Just text files?

The entire C Disc. Just text files, yes. [QUOTE=whosdr;29381538]Are you sure it's not just using gm_rawio.dll?[/QUOTE] And yes.

So long as they don't write or delete anything on the clients I don't really care that much. And how did you find this out if few people know about it as I am very skeptical about the lack of information or proof.

.txt files sensitive information ?

Who would store sensitive information in text files? There are thousands of reputable clients around that do the same thing, only they encrypt it.

[QUOTE=XtraGaming;29383542]The entire C Disc. Just text files, yes. And yes.[/QUOTE] It isn't something garry will fix then, it's an external module that he has no input on. He could probably fix it, but it would also break it for legitimate users.

The exploit (unless a newer method has been found) only allows you to browse directories and view files in it. You can't read the file / write to a file, irregardless of the extension.

[QUOTE=Teddi Orange;29397315]The exploit (unless a newer method has been found) only allows you to browse directories and view files in it. You can't read the file / write to a file, irregardless of the extension.[/QUOTE] I really don't get why file.Read/Write is restricted but the "/" exploit on other functions is not fixed.

Are you sure it's just the C:\ drive and not the drive the Steam installation resides on? Many users don't install Steam on C:\