Security improvement

General discussion about LÖVE, Lua, game development, puns, and unicorns.
User avatar
rod_sn
Prole
Posts: 27
Joined: Sun Jan 11, 2015 9:59 am

Security improvement

Post by rod_sn » Wed May 11, 2016 11:25 am

Hello everyone, going straight to the point:
Love 2D allows the applications to access any folder in the appdata directory. This is, if i set my

Code: Select all

t.identity = ".minecraft" 
for example, i will be able to remove, add, change and upload the minecraft files from the foler. In this case it's maps and simple stuff, but if we set it to the skype folder then things get serious. In the skype folder you have a folder with your login name. Inside that you have access to:

- Logs
- Profile pictures
- Cached data
- Voicemails

And much more.
Not to mention that there is a "My Skype Received Files" in the skype directory which has ALL of the images/songs/files that you received on that machine. This means all of this data can be uploaded without you noticing. I call for a way of preventing love from accessing other apps data. Maybe make identities have a suffix. Eg: skype => 2d_skype; or maybe a hash: skype => 70ea57dc5d73586d96115d77e981ab9a_skype That's the best way i can think of.
"You certainly usually find something, if you look, but it is not always quite the something you were after."
-Thorin Oakenshield, J.R.R. Tolkien

User avatar
Sulunia
Party member
Posts: 201
Joined: Tue Mar 22, 2016 1:10 pm
Location: SRS, Brazil

Re: Security improvement

Post by Sulunia » Wed May 11, 2016 12:39 pm

I'm not sure, but the only folder you have access to is the Love2D created folder...
Did you test this out?
Also, 2016 and people still use skype over discord, holy bananas.
I know skype is used for video, please don't start flamewars on this, i'm joking about people who use it for gaming.
Don't check my github! It contains thousands of lines of spaghetti code in many different languages cool software! :neko:
https://github.com/Sulunia

User avatar
ivan
Party member
Posts: 1530
Joined: Fri Mar 07, 2008 1:39 pm
Contact:

Re: Security improvement

Post by ivan » Wed May 11, 2016 1:07 pm

Yes, Love2D could be used to cause harm to the user's system, but that is besides the point. From a dev perspective, you want to avoid running code from untrusted sources.
When running a Love2D application you have to assume that the scripts being executed come from a trusted source. In my opinion, it's not a security issue UNLESS your game downloads or runs scripts from unknown sources. Like for example user-generated content. Loading Lua files from the appdata folder may not be 100% safe either since those could be modified by a third party.
In general, you should be fine as long as you don't run untrusted code.

User avatar
slime
Solid Snayke
Posts: 2853
Joined: Mon Aug 23, 2010 6:45 am
Location: Nova Scotia, Canada
Contact:

Re: Security improvement

Post by slime » Wed May 11, 2016 4:27 pm

rod_sn wrote:Love 2D allows the applications to access any folder in the appdata directory.
Un-fused .love games have their save directory inside a LOVE folder in appdata. So if you set the identity to ".minecraft" it will be %appdata%/LOVE/minecraft/.

Fused love games (i.e. when you distribute the exe fused with the .love) don't have the above restriction, so they behave similarly to every other non-love game you can download.

On some operating systems, like iOS, programs are completely sandboxed so they have no access to data stored by any other program. In Windows every program you install can access every folder in appdata, regardless of whether the program was created using love or not.

love's APIs already make it much less easy than normal to access files from other programs, since love.filesystem only reads from the game's source and the save directory. I don't see much value in changing the way it currently works - for example, if love were to modify the string you use for the save directory's folder name, it would make it more difficult for end users to locate and access the game's save directory.

User avatar
rod_sn
Prole
Posts: 27
Joined: Sun Jan 11, 2015 9:59 am

Re: Security improvement

Post by rod_sn » Wed May 11, 2016 7:41 pm

I am aware of the LOVE folder restriction, but i was talking about the fused games. And yes i see its more difficult for users to access the game save dir (but not that much difficult, i mean you see an app called "skype_2d" easly), but i mean... Can't anything be done? why not include the LOVE folder restriction to fused games as well?
"You certainly usually find something, if you look, but it is not always quite the something you were after."
-Thorin Oakenshield, J.R.R. Tolkien

User avatar
Kingdaro
Party member
Posts: 395
Joined: Sun Jul 18, 2010 3:08 am

Re: Security improvement

Post by Kingdaro » Wed May 11, 2016 7:46 pm

Remember that one can run "os.execute('some_l33t_malicious_code.sh')" so LOVE having security concerns isn't really news, nor is it an issue unique to just LOVE. Any engine or framework with a similar command could do the same. That's pretty much why SELÖVE exists, though it doesn't look like it's been updated in a while.

User avatar
Davidobot
Party member
Posts: 1149
Joined: Sat Mar 31, 2012 5:18 am
Location: Game-Dev. Land
Contact:

Re: Security improvement

Post by Davidobot » Wed May 11, 2016 7:55 pm

Any application, written in love or not, can access your AppData, you don't even need admin privileges for it.
So I don't think this is a problem unique to LÖVE, or to any one application really. Just don't run unknown files, and trust me, a C++ program can do heaps more damage than any love program can.
My library:
LovelyMoon

Check out my current project:
Raycaster

Oh hey, I have a website now!

User avatar
slime
Solid Snayke
Posts: 2853
Joined: Mon Aug 23, 2010 6:45 am
Location: Nova Scotia, Canada
Contact:

Re: Security improvement

Post by slime » Wed May 11, 2016 8:37 pm

rod_sn wrote:but i mean... Can't anything be done? why not include the LOVE folder restriction to fused games as well?
Not really, no. That restriction would just be a meaningless gesture.

The entire io and os modules provided by Lua itself can easily bypass file access restrictions (via io.open, os.execute, etc.), plus LuaJIT's FFI can do all of that and more by allowing LÖVE users to call any C function. Even a shader can potentially crash the entire OS and cause the user to lose unsaved data, given poorly written shader code and a buggy driver (which is not uncommon).

User avatar
Inny
Party member
Posts: 652
Joined: Fri Jan 30, 2009 3:41 am
Location: New York

Re: Security improvement

Post by Inny » Thu May 12, 2016 12:34 am

The best security effort love2d.org could make would be to immediately remove any links to malicious software, and/or stop hosting any malicious software, created with Love. The best security effort the users of the love2d forums could make would be to just not abuse the glaring security holes in Windows that love hasn't restricted us from. And the best security effort that you the player of love games could make would be to not arbitrarily run .exe files you find on the internet.

Anything more would be security theater really, because you can still get the love sources yourself, compile away the security, and distribute your own malicious versions of love from other websites.

User avatar
slime
Solid Snayke
Posts: 2853
Joined: Mon Aug 23, 2010 6:45 am
Location: Nova Scotia, Canada
Contact:

Re: Security improvement

Post by slime » Thu May 12, 2016 12:44 am

Inny wrote:The best security effort the users of the love2d forums could make would be to just not abuse the glaring security holes in Windows that love hasn't restricted us from.
Indeed. Also report any malicious software ASAP. :)

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 7 guests