Security improvement

Posted: Wed May 11, 2016 11:25 am
by rod_sn
Hello everyone, going straight to the point:
Love 2D allows the applications to access any folder in the appdata directory. That is, if I set my

t.identity = ".minecraft"

for example, I will be able to remove, add, change and upload the Minecraft files from the folder. In this case it's maps and simple stuff, but if we set it to the Skype folder then things get serious. In the Skype folder you have a folder with your login name. Inside that you have access to:

- Logs
- Profile pictures
- Cached data
- Voicemails

And much more.
Not to mention that there is a "My Skype Received Files" in the Skype directory which has ALL of the images/songs/files that you received on that machine. This means all of this data can be uploaded without you noticing. I call for a way of preventing love from accessing other apps' data. Maybe make identities have a suffix. E.g.: skype => 2d_skype; or maybe a hash: skype => 70ea57dc5d73586d96115d77e981ab9a_skype. That's the best way I can think of.

Re: Security improvement

Posted: Wed May 11, 2016 12:39 pm
by Sulunia
I'm not sure, but the only folder you have access to is the Love2D created folder...
Did you test this out?
Also, 2016 and people still use Skype over Discord, holy bananas.
I know Skype is used for video, please don't start flamewars on this, I'm joking about people who use it for gaming.

Re: Security improvement

Posted: Wed May 11, 2016 1:07 pm
by ivan
Yes, Love2D could be used to cause harm to the user's system, but that is beside the point. From a dev perspective, you want to avoid running code from untrusted sources.
When running a Love2D application you have to assume that the scripts being executed come from a trusted source. In my opinion, it's not a security issue UNLESS your game downloads or runs scripts from unknown sources. Like for example user-generated content. Loading Lua files from the appdata folder may not be 100% safe either since those could be modified by a third party.
In general, you should be fine as long as you don't run untrusted code.

Re: Security improvement

Posted: Wed May 11, 2016 4:27 pm
by slime
rod_sn wrote: Love 2D allows the applications to access any folder in the appdata directory.
Un-fused .love games have their save directory inside a LOVE folder in appdata. So if you set the identity to ".minecraft" it will be %appdata%/LOVE/minecraft/.

Fused love games (i.e. when you distribute the exe fused with the .love) don't have the above restriction, so they behave similarly to every other non-love game you can download.

On some operating systems, like iOS, programs are completely sandboxed so they have no access to data stored by any other program. In Windows every program you install can access every folder in appdata, regardless of whether the program was created using love or not.

love's APIs already make it much less easy than normal to access files from other programs, since love.filesystem only reads from the game's source and the save directory. I don't see much value in changing the way it currently works - for example, if love were to modify the string you use for the save directory's folder name, it would make it more difficult for end users to locate and access the game's save directory.

Re: Security improvement

Posted: Wed May 11, 2016 7:41 pm
by rod_sn
I am aware of the LOVE folder restriction, but I was talking about the fused games. And yes, I see it's more difficult for users to access the game save dir (but not that much more difficult, I mean you see an app called "skype_2d" easily), but I mean... Can't anything be done? Why not include the LOVE folder restriction to fused games as well?

Re: Security improvement

Posted: Wed May 11, 2016 7:46 pm
by Kingdaro
Remember that one can run "os.execute('some_l33t_malicious_code.sh')" so LOVE having security concerns isn't really news, nor is it an issue unique to just LOVE. Any engine or framework with a similar command could do the same. That's pretty much why SELÖVE exists, though it doesn't look like it's been updated in a while.

Re: Security improvement

Posted: Wed May 11, 2016 7:55 pm
by Davidobot
Any application, written in love or not, can access your AppData, you don't even need admin privileges for it.
So I don't think this is a problem unique to LÖVE, or to any one application really. Just don't run unknown files, and trust me, a C++ program can do heaps more damage than any love program can.

Re: Security improvement

Posted: Wed May 11, 2016 8:37 pm
by slime
rod_sn wrote: but I mean... Can't anything be done? Why not include the LOVE folder restriction to fused games as well?
Not really, no. That restriction would just be a meaningless gesture.

The entire io and os modules provided by Lua itself can easily bypass file access restrictions (via io.open, os.execute, etc.), plus LuaJIT's FFI can do all of that and more by allowing LÖVE users to call any C function. Even a shader can potentially crash the entire OS and cause the user to lose unsaved data, given poorly written shader code and a buggy driver (which is not uncommon).
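
Added example, not part of the thread or of LÖVE's own code: for the case ivan raises above (a game that loads user-generated Lua), one way to keep such a script away from the io, os and FFI facilities listed in the post above is to run it in an allowlisted environment. It assumes LuaJIT / Lua 5.1 (loadstring, setfenv), which LÖVE embeds; run_untrusted, make_env and the sample scripts are hypothetical names and constructed inputs.

```lua
-- Added example (assumes LuaJIT / Lua 5.1). All names here are hypothetical.

-- Shallow copy, so a script cannot patch the host's own library tables.
local function copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Allowlist of pure functions only. Deliberately absent: io, os, ffi, require,
-- package, debug, load/loadstring/dofile, getfenv/setfenv, getmetatable, love.*
local function make_env()
  return {
    pairs = pairs, ipairs = ipairs, select = select, unpack = unpack,
    tostring = tostring, tonumber = tonumber, type = type,
    math = copy(math),
    table = copy(table),
    string = { sub = string.sub, len = string.len, format = string.format,
               upper = string.upper, lower = string.lower, byte = string.byte },
  }
end

-- Compile `source` as text and run it with the allowlist as its only globals.
-- Returns pcall-style results: true plus return values, or false plus an error.
local function run_untrusted(source, chunkname)
  -- Precompiled chunks start with ESC (0x1B); bytecode is not verified on load,
  -- so only plain source text is accepted.
  if source:byte(1) == 27 then
    return false, "bytecode rejected"
  end
  local chunk, err = loadstring(source, chunkname or "=untrusted")
  if not chunk then return false, err end
  setfenv(chunk, make_env())   -- global lookups now resolve against the allowlist
  return pcall(chunk)
end

-- Constructed sample scripts: the first succeeds, the rest fail inside the sandbox.
local samples = {
  "return math.max(1, 2)",
  "return os.execute('echo hi')",
  "return io.open('save.dat', 'w')",
  "return require('ffi')",
  "\27LJ",
}
for _, src in ipairs(samples) do
  print(run_untrusted(src))
end
```

This limits what a script can name, not how much CPU or memory it uses, and string methods stay reachable through the shared string metatable. It only helps a game that loads third-party scripts; it does nothing against a game whose own code is malicious.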

Re: Security improvement

Posted: Thu May 12, 2016 12:34 am
by Inny
The best security effort love2d.org could make would be to immediately remove any links to malicious software, and/or stop hosting any malicious software, created with Love. The best security effort the users of the love2d forums could make would be to just not abuse the glaring security holes in Windows that love hasn't restricted us from. And the best security effort that you the player of love games could make would be to not arbitrarily run .exe files you find on the internet.

Anything more would be security theater really, because you can still get the love sources yourself, compile away the security, and distribute your own malicious versions of love from other websites.

Re: Security improvement

Posted: Thu May 12, 2016 12:44 am
by slime
Inny wrote: The best security effort the users of the love2d forums could make would be to just not abuse the glaring security holes in Windows that love hasn't restricted us from.
Indeed. Also report any malicious software ASAP. :)