Sandboxing (poll)

General discussion about LÖVE, Lua, game development, puns, and unicorns.

Should LÖVE be sandboxed?

Yes: 27 votes (47%)
No:  31 votes (53%)

Total votes: 58

Taehl
Dreaming in associative arrays
Posts: 1024
Joined: Mon Jan 11, 2010 5:07 am
Location: CA, USA

Re: Sandboxing (poll)

Post by Taehl » Mon Sep 26, 2011 12:23 am

bartbes wrote: a game needs to ask for permissions once, when it tries to not use love's api. (Something like the io library, networking possibly,
Let's not forget loading .dll libraries (or whatever .dll files are called in Linux and Mac), since something nasty could be stashed in there.
Earliest Love2D supporter who can't Love anymore. Let me disable pixel shaders if I don't use them, dammit!
Lenovo Thinkpad X60 Tablet, built like a tank. But not fancy enough for Love2D 0.10.0+.

tsturzl
Party member
Posts: 161
Joined: Fri Apr 08, 2011 3:24 am

Re: Sandboxing (poll)

Post by tsturzl » Thu Sep 29, 2011 4:16 am

How about instead of a sandbox, you implement a jailed environment. .love files can only read and write inside their own directory, thus "/" isn't the root directory of your system, it's your game directory whilst running in love. Love should also be restricted to executing, reading, writing, etc. within the love root folder. Don't allow execution of anything but love scripts in the environment, and libraries installed in the Love2D install directory (not your game root directory).

Something that would be cool is a Love2D package/library manager. Trusted libs can be added to a repository for use in Love; once your application requires that library, the package manager downloads and installs it (silently, without user interaction). Lua libraries will also be executed in the jailed environment, maybe even modify the binary libraries to run in the environment, though it might be more work than it's worth.

Maybe even restrict .love files to writing inside themselves, therefore they are almost completely self contained.

I don't so much like the idea of asking for permission. I really don't think a message saying "Allow this game to connect to the internet?" will raise alarm to anyone if they are just expecting it to be a game anyway; they'll figure it's the updater or multiplayer. You say "Allow this game to access your hard drive?" and the user will just think it's for game saves. Messages won't raise alarms to the user, they'll just be an annoyance. Also, if it did indeed raise an alarm to the user, it could actually turn someone away from the game; they may think "oh, it wants network access, it could be a trojan!" when it's really a legitimate multiplayer feature or an updater.

pygy
Citizen
Posts: 98
Joined: Mon Jan 25, 2010 4:06 pm

Re: Sandboxing (poll)

Post by pygy » Fri Sep 30, 2011 2:20 pm

I didn't read the whole thread and apologize if this has already been covered.

Even though one should be wary of running untrusted code, I would like to know who among you does a full code audit of every .love file posted on this forum before running it. I don't. AFAIK, there are more .love files distributed here than there are bundled love games in the wild. This makes us the population most at risk of becoming the victims of malicious code.

The second problem with the current setup is that it turns LÖVE into a potential malware creation toolkit. If it ever happens, the LÖVE binary may end up being flagged as a virus by anti-virus software and it is not something that we want.

LÖVE is a game prototyping creation toolkit. I don't understand the use of os.execute(), os.remove() and os.rename() in this context. In the same vein, I think that all file IO functions should be rewritten on top of PhysFS. It may be slightly less convenient since you'll have to copy the libraries each time you create a game, but it is a minor chore.

I don't buy the "I want freedom" argument. You have freedom because LÖVE is open source. I think it should be safe by default for the reasons mentioned above. If you want more power, you can remove the monkey patching code and recompile. Or enable symlink support in PhysFS... Or turn it into a dwarf elephant and shoot it at the moon. The possibilities are endless.

Edit - I hadn't seen the date of the initial post :-/
Edit2 - Slime: way to miss the forest for some weed.
Last edited by pygy on Fri Sep 30, 2011 3:06 pm, edited 4 times in total.
Hermaphroditism is not a crime. -- LSB Superstar

All code published with this account is licensed under the Romantic WTF public license unless otherwise stated.
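To make the two proposals above concrete (tsturzl's jailed game directory and pygy's "safe by default" removal of os.execute/os.remove/os.rename), here is an added example that is not from this thread or from the LÖVE project itself. It assumes Lua 5.1 / LuaJIT semantics (setfenv, loadstring) as LÖVE used at the time, and GAME_ROOT is an assumed name for the game's own directory.

```lua
-- Added example, not LÖVE's own code: a minimal safe-by-default loader.
-- Assumes Lua 5.1 / LuaJIT (setfenv, loadstring). GAME_ROOT is assumed.
local GAME_ROOT = "/tmp/mygame"

-- Whitelist of globals the untrusted script may see. Note what is absent:
-- os.execute, os.remove, os.rename, io, loadfile, dofile, require, package.
local function make_sandbox_env()
  local env = {
    assert = assert, error = error, ipairs = ipairs, pairs = pairs,
    next = next, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type, unpack = unpack,
    math = math, string = string, table = table,
    os = { time = os.time, clock = os.clock, date = os.date },
  }
  env._G = env
  return env
end

-- Resolve a game-relative path and refuse anything that escapes GAME_ROOT:
-- absolute paths, drive letters, backslashes and ".." segments.
local function jail_path(rel)
  if type(rel) ~= "string" or rel == "" then return nil, "bad path" end
  if rel:sub(1, 1) == "/" or rel:find("\\", 1, true) or rel:match("^%a:") then
    return nil, "absolute path not allowed: " .. rel
  end
  for seg in rel:gmatch("[^/]+") do
    if seg == ".." then return nil, "parent traversal not allowed: " .. rel end
  end
  return GAME_ROOT .. "/" .. rel
end

-- Compile untrusted source and run it with the restricted environment.
-- Returns ok, result-or-error (never raises into the host).
local function run_sandboxed(src, chunkname)
  local fn, err = loadstring(src, chunkname or "=untrusted")
  if not fn then return false, err end
  setfenv(fn, make_sandbox_env())
  return pcall(fn)
end

-- Constructed samples: the second script would spawn a shell outside the
-- sandbox; inside it, os.execute is simply nil and the call fails safely.
print(run_sandboxed("return math.sqrt(16)"))
print(run_sandboxed("return os.execute('echo hi')"))
print(jail_path("saves/slot1.dat"))
print(jail_path("../../etc/passwd"))
```

The path check only covers the strings a script hands to the host; the host's own file functions must still be the only ones exposed, which is why io and the os file functions are left out of the environment table.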

slime
Solid Snayke
Posts: 2853
Joined: Mon Aug 23, 2010 6:45 am
Location: Nova Scotia, Canada

Re: Sandboxing (poll)

Post by slime » Fri Sep 30, 2011 2:25 pm

pygy wrote: LÖVE is a game prototyping toolkit. I don't understand the use of os.execute(), os.remove() and os.rename() in this context.
From the top of http://love2d.org/ :
Hi there! LÖVE is an *awesome* framework you can use to make 2D games in Lua.
LÖVE is a game creation toolkit, that also happens to be very good at prototyping games. :P
