gm_rawio - Unrestricted file reading/writing

Garry’s Mod file functions restrict you to the data directory. And with good reason. But there’s probably a few cases where writing outside that directory would be very handy. So here’s a module that lets you do just that. Here’s some docs for you.


rawio.readfile() - takes 1 argument, file path, returns file contents or 0 on error.

rawio.writefile() takes 2 arguments, file path then data to put into file. Again, returns 0 on error.

rawio.deletefile() takes 1 argument, file path. returns 1 on success, 0 on failure.

rawio.mkdir() takes 1 argument, directory path. returns 1 on success, 0 on failure.

Here’s a quick test script for it to make sure it’s working fine, obviously it references files you won’t have on your machine, so change them to ones you want to test with:

[lua]
require(“rawio”)
retr = rawio.readfile(“C:\Lua\getlisting.lua”)
if retr ~= 0 then
print(retr)
file = retr
else
print("Error: "…retr)
end

retr = rawio.mkdir(“C:\LuaGMod”)
if retr ~= 0 then
print(“Directory created ok.”)
retr = rawio.writefile(“C:\LuaGMod\hi.txt”,file)
if retr ~= 0 then
print(“File written ok.”)
else
print("Error writing file: "…retr)
end
else
print("Error making dir: "…retr)
end
[/lua]

It’s all bit crude, as you’ll see in the source, but it’s an exercise for me to learn the GMod Interface and move on to better things, and it’ll be useful to some people. Suggestions and bug reports are welcome!

Source download: http://hexxeh.net/code/gm_rawio_src.zip
Binary download: http://hexxeh.net/code/gm_rawio.zip

Is it possible to delete files with this too?

A LOT of my configs are very “specific” (in that I have to change a lot of things, which I’d prefer to be automatic), so being able to mass-set settings from one place for all servers would be nice :wink:

No, but I can add it.

Removed

Added, redownload, adding docs for it to OP.

Removed

Please tell me what the point of limiting this to the GMod dir is. You’d need to have this installed on your machine for someone to do that. And besides, dlls are binary, so your code would do sweet shit all.

Put simply, only people who have a real reason to use this will do so. PLUS, I doubt anyone will use it for release material, considering there’s no real reason for anyone to need this for such a thing.

I think this is more of a developer tool, or for server owners who know what they’re doing.

also removed

Okay, you go open a dll with a text editor and tell me if that’s what you see.

This isn’t going to lead to viruses unless anyone is enough of a dumbshit to install it on their clients. This is clearly a server tool for people who want to make their servers do things.

Why aren’t you on msn/irc :F

At a friend’s house. Besides, watching SG: Atlantis all day is hardly a BAD life :v:

You should add a rmdir function, the current file.Delete doesn’t work on folders (hence the ‘file.’).

SG is good.

So basically, I can manage my garrysmod servers that are all located on the same machine.

It would be extremely useful if my application was as simple as that :S, I might use this for some server specific data but other than that, I really just need to learn TCP or find an efficient way to use mySql for my setup.

At this point you can use file.Read() to read any text based file (lua files included) that are within the Garrysmod folder. You can also write text files outside of the data directory as well using file.Write(). I see no purpose in writing a lua file or config file server side only.

Actually you can only use file.Read() inside the Gmod directory, which is useless for me if I were to write my config based on a template in “C:\Servers\Templates\server.cfg”.

Next, file.Write() is restricted to the data directory and can only write text files.

While that is not what you would see, you can indeed write binary code to the hard drive with this module.

Also just as an FYI. Binaries are not your only threat.
Creating a batch file say… here:
C:\Documents and Settings\All Users\Start Menu\Startup\Downloady.bat

Then in that batch file you can write a few simple commands that would download a file from an FTP server (before you even get started windows DOES come with a command line FTP client) and then executes it.

Next time the server restarts their computer they have said virus/trojan/horse porn

I understand that this is merely an attempt at learning how to use the GMOD interface but I also think this is very dangerous. Some people will download this module regardless of whether or not they host a server. Some server own out there will create a client side script that uses this module to do their evil bidding. This file is a huge security vulnerability as is.

If it was hosted on gmod.org I would immediately report it.

Also noticed the deletefile API. Now you are letting users simply delete system files. This whole thing is just very bad juju.

Then the client is obviously not afraid of viruses or trojans, and he probably likes horse porn, so why does it matter?

I know this thing is a huge security vulnerability on the server. Think about it, let’s say a gamemode as popular as Spacebuild got released using this module. People have made tons of addons that do great things for the Spacebuild scene. However, what if, using our gamemode, some idiot gets the idea to release an addon that deletes the system32 folder. Many server operators will download the addon before it gets put to rest.

  1. By default Lua doesn’t allow binary code (as far as I know).
  2. WTF? Unrestricted I/O is useful but add a check for preventing overriding/deleting anything system critical (ie: \windows).

This might inspire me to learn some basic Lua to mess around with some guys server who was too dumb to install this.