this post was submitted on 14 Nov 2025
Linux Gaming
This was like, over a decade back, I don't remember it in accurate detail, and also, Garry deleted all the old Facepunch forums, which I do remember having a lot of discussion about this...
But, best I can recall, it was something like a buffer overflow/memory space exploit, because Garry exposed a core Steam function, that normally is only called by other Steam functions, in C++...
Well, Garry decided to give basically a Lua API / reference method of accessing it directly, allowing doing arbitrary code injection into it, from anyone running a GMod server or networked client.
So I mean yeah, you can say Valve should not have trusted Garry with low level access to Source and Steam, that that's their bad, they should have expected he would create a serious security exploit out of naivety/hubris, like the proverbial junior SQL DB admin who just does 'DROP ALL' on prod, as an 'experiment'.
Uh yep, I would agree with that.
... I think this may have had something to do with Steam's, fairly new at the time, achievements system rollout, but I'm not sure if that's correct.
EDIT:
For those that don't know, the vast, vast majority of what GMod is, is basically just opening up core Steam/Source calls done in C++, opening those up to Lua, by mapping them with reference methods, and then allowing Lua scripting via those methods.
Then on top of that, you draw like, the item spawning menu, tool menus, make a standardized template for making a new tool or weapon (SWEPs) or entities, or players or NPCs, etc.
So uh, yeah, if you're not careful with that, if you don't know what you're doing at the lowest level, that can be very dangerous and easily lead to uh, unforeseen consequences.
I'm still confused why any game having a way to upload a worm into Steam is good and why it was uniquely a GMod problem. It sounds like a case of a problem waiting to happen and the first place it happened to happen was GMod.