Love security flaw

Posted: Tue Feb 22, 2011 5:29 am
by Taehl
I was checking out the Lua documentation, and noticed a little function called io.popen. What it does is execute a specified program. I checked, and io.popen is available in Love 0.7. I think it should be blocked - Love games have no need to execute other programs. Amongst other uses, someone could make a Love game which contains a malicious binary as a string, which writes it to a file and then executes it.

Re: Love security flaw

Posted: Tue Feb 22, 2011 6:18 am
by Robin
There was heavy opposition when some people (including me) suggested that LÖVE should be sandboxed.

SELÖVE is my fork of LÖVE that does exactly that --- it hasn't been updated for a while though.

Re: Love security flaw

Posted: Tue Feb 22, 2011 6:45 am
by Taehl
Couldn't the Lua statement io.popen=nil simply be run before main.lua is opened?

Re: Love security flaw

Posted: Tue Feb 22, 2011 9:49 am
by Robin
Taehl wrote: Couldn't the Lua statement io.popen=nil simply be run before main.lua is opened?
That is in essence what SELÖVE does (among other things). People thought it was needlessly limiting their right to fuck up other people's computers or something, that's why it's not in vanilla LÖVE.
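The idea raised in the posts above (clearing io.popen before main.lua runs), as an added example that is not part of the thread and is not LÖVE or SELÖVE code. It goes a little beyond the single assignment: the chunk gets its own environment table, os.execute is dropped alongside io.popen, and the module-loading globals are left out. The names run_untrusted, make_env, copy_lib and the sample string are hypothetical.

```lua
-- Added illustration, not LÖVE or SELÖVE code.
-- Lua 5.1/LuaJIT use setfenv; Lua 5.2+ uses load() with an env argument.

-- Globals handed to the untrusted chunk. Left out on purpose: require,
-- package, debug, dofile, loadfile, load, loadstring, getfenv, setfenv.
local SAFE_GLOBALS = { "assert", "error", "ipairs", "next", "pairs", "pcall",
  "print", "select", "tonumber", "tostring", "type", "unpack" }

-- Library functions that start other programs.
local BLOCKED = { io = { popen = true }, os = { execute = true } }

-- Shallow-copy a library so the chunk cannot modify the host's own tables.
local function copy_lib(name)
  local out, blocked = {}, BLOCKED[name] or {}
  for k, v in pairs(_G[name]) do
    if not blocked[k] then out[k] = v end
  end
  return out
end

local function make_env()
  local env = {}
  for _, name in ipairs(SAFE_GLOBALS) do env[name] = _G[name] end
  for _, lib in ipairs({ "string", "table", "math", "io", "os" }) do
    env[lib] = copy_lib(lib)
  end
  env._G = env  -- the chunk's _G is the restricted table, not the real one
  return env
end

-- Compile and run source text inside a fresh restricted environment.
local function run_untrusted(source, chunkname)
  -- Refuse precompiled bytecode, which Lua does not validate as safe to run.
  if source:sub(1, 1) == "\27" then return false, "bytecode refused" end
  local env, chunk, err = make_env()
  if setfenv then
    chunk, err = loadstring(source, chunkname)
    if chunk then setfenv(chunk, env) end
  else
    chunk, err = load(source, chunkname, "t", env)
  end
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed sample standing in for a game's main.lua.
local sample = "return type(io.popen), type(os.execute), type(require), type(io.write)"
print(run_untrusted(sample, "=sample"))
print(type(io.popen))  -- the host's own io table is untouched
```

This only removes the ability to start other programs; the copied io table still contains io.open, so file access would need its own restriction.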

Re: Love security flaw

Posted: Tue Feb 22, 2011 10:03 am
by nevon
I've actually been using that to open the user's default web browser when they click on a "link". Could be used for credits, but it could also be used if people need to register on some website to be able to play the game.

I do see how it's a security risk, but honestly, if the user is running your software you can do malicious shit even if io.popen is disabled.

Re: Love security flaw

Posted: Tue Feb 22, 2011 10:36 am
by miko
Taehl wrote: I was checking out the Lua documentation, and noticed a little function called io.popen. What it does is execute a specified program. I checked, and io.popen is available in Love 0.7. I think it should be blocked - Love games have no need to execute other programs. Amongst other uses, someone could make a Love game which contains a malicious binary as a string, which writes it to a file and then executes it.
I see love2d not only as a game platform (which it originally is), but also as a useful environment where you can run small applications and utilities which are good looking, multiplatform and fun. As a Linux user, I am able to create the executable for Windows users without touching any Windows system - which is really great. So if you need to block it, just do it in your game, but please do not do it for the whole platform.

Re: Love security flaw

Posted: Tue Feb 22, 2011 6:23 pm
by Taehl
miko wrote: So if you need to block it, just do it in your game, but please do not do it for the whole platform.
... That makes no sense. How is it any safer to politely ask an attacker to disable it?

Re: Love security flaw

Posted: Tue Feb 22, 2011 6:30 pm
by nevon
Taehl wrote:
miko wrote: So if you need to block it, just do it in your game, but please do not do it for the whole platform.
... That makes no sense. How is it any safer to politely ask an attacker to disable it?
Isn't the best solution to have the user not be an idiot and only run applications they trust? I really see it as a hindrance to throw in a bunch of artificial limitations that may prevent some "attacks" (though the attacker can just use another method), while definitely preventing lovers from doing legitimate, cool stuff.

Re: Love security flaw

Posted: Tue Feb 22, 2011 7:00 pm
by Robin
I rest my case.

Re: Love security flaw

Posted: Tue Feb 22, 2011 7:03 pm
by tentus
Now that Nevon has made his case, I'd say I'm swayed. I can easily imagine a malicious individual working around any limitations we try and put up, and what Robin is suggesting is a feature removal, plain and simple. Shouldn't we be trying to expand what Love can do, not pare it down?