ULX

Author Topic: Garrys Mod Exploit, blockable until patch?  (Read 6846 times)

Offline anticept

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
Garrys Mod Exploit, blockable until patch?
« on: May 06, 2008, 08:00:05 PM »
There is an exploit which was discovered in a source mod that crashes servers by simply inputting a console command, and I have discovered Garry's Mod is also vulnerable (keeping it under wraps). Can we possibly get a command blocker that prevents this command? I will PM what the command is either to a Ulysses dev who is interested, or to someone who has made a working, and tested, module.

Thanks!
« Last Edit: May 06, 2008, 10:44:46 PM by anticept »

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Garrys Mod Exploit, blockable until patch?
« Reply #1 on: May 06, 2008, 08:45:54 PM »
Please email more detail to teamulysses@ulyssesmod.net
One of us may respond.
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming

Offline anticept

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
Re: Garrys Mod Exploit, blockable until patch?
« Reply #2 on: May 06, 2008, 10:45:27 PM »
I have a running topic on the progress here:

http://forums.facepunchstudios.com/showthread.php?p=9859965

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6213
  • Karma: 394
  • Project Lead
Re: Garrys Mod Exploit, blockable until patch?
« Reply #3 on: May 07, 2008, 04:32:20 PM »
If garry hadn't removed Ucommand you could use that to remove the command :P
Experiencing God's grace one day at a time.

Offline anticept

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
Re: Garrys Mod Exploit, blockable until patch?
« Reply #4 on: May 07, 2008, 04:52:58 PM »
This is what I came up with. http://forums.facepunchstudios.com/showthread.php?p=9866502

Any suggestions (in commented code) would be much appreciated. My big concern at this moment is how to pass information to the server when the client tried to use the exploit, without using a console command.

My other worry is the fact that it is all on the client; I am sure a client can figure out a way to override my blocks (I am thinking of at least one way). Suggestions for making this a much more difficult job would be appreciated :)
« Last Edit: May 07, 2008, 05:37:23 PM by anticept »

Offline spbogie

  • Ulysses Team Member
  • Sr. Member
  • *****
  • Posts: 456
  • Karma: 41
Re: Garrys Mod Exploit, blockable until patch?
« Reply #5 on: May 07, 2008, 10:04:05 PM »
Last I tested, PlayerBindPressed was only called when a player actually pressed a bind, and not when the command was actually entered into the console.
I have not failed. I've just found 10,000 ways that won't work. - Thomas A. Edison
I reject your reality and substitute my own. - Adam Savage

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6213
  • Karma: 394
  • Project Lead
Re: Garrys Mod Exploit, blockable until patch?
« Reply #6 on: May 07, 2008, 10:54:38 PM »
That, and last I tested it didn't pass it through when it was aliased, but I guess that must not be the case anymore.
Experiencing God's grace one day at a time.

Offline Sc00by22

  • Jr. Member
  • **
  • Posts: 98
  • Karma: 0
Re: Garrys Mod Exploit, blockable until patch?
« Reply #7 on: May 09, 2008, 06:21:26 PM »
Method 2 worked for both of my servers.