Sandboxing (poll)

General discussion about LÖVE, Lua, game development, puns, and unicorns.
Post Reply

Should LÖVE be sandboxed?

Yes
27
47%
No
31
53%
 
Total votes: 58

User avatar
rude
Administrator
Posts: 1051
Joined: Mon Feb 04, 2008 3:58 pm
Location: Oslo, Norway

Sandboxing (poll)

Post by rude » Fri Jun 26, 2009 3:43 pm

Currently, .love files can write to everything as long as the running user has access. They can upload your private collection of home-made porn to the Internet, and replace the contents of each file on your file system with "lol".

It can do this because of the standard Lua libraries io and os. Now, the question is: should these libraries be removed? Yes, keeping them would be a risk, but should LÖVE really limit what developers can do?

EDIT: For the record, I'm not going to vote.

User avatar
bartbes
Sex machine
Posts: 4946
Joined: Fri Aug 29, 2008 10:35 am
Location: The Netherlands
Contact:

Re: Sandboxing (poll)

Post by bartbes » Fri Jun 26, 2009 4:59 pm

I voted no, but I actually want something in between, not completely sandboxed but preventing the program from doing too much harm.

User avatar
osgeld
Party member
Posts: 303
Joined: Sun Nov 23, 2008 10:13 pm

Re: Sandboxing (poll)

Post by osgeld » Fri Jun 26, 2009 5:40 pm

I battle with this often, i know i CAN use io and os but do i really need to?

the only time i need to is when im farting around with an app idea, and love is not well suited for apps

as far as games go i see no reason for them to be there

User avatar
rude
Administrator
Posts: 1051
Joined: Mon Feb 04, 2008 3:58 pm
Location: Oslo, Norway

Re: Sandboxing (poll)

Post by rude » Fri Jun 26, 2009 6:19 pm

Osgeld: good point. Don't really need it for games.

Bartbes: care to elaborate?

User avatar
osgeld
Party member
Posts: 303
Joined: Sun Nov 23, 2008 10:13 pm

Re: Sandboxing (poll)

Post by osgeld » Fri Jun 26, 2009 7:56 pm

ps just make sure you replace os.time() with something

User avatar
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands
Contact:

Re: Sandboxing (poll)

Post by Robin » Fri Jun 26, 2009 8:53 pm

osgeld wrote:ps just make sure you replace os.time() with something
I'm sure there are a few more functions that can still be useful. I would suggest creating a dummy os table, with only time() (and maybe some of the other date/time functions (or clock()? (the longer this post gets, the more it starts to look like LISP))) in it. That way, (a little) compatibility with standard Lua is maintained, mostly to minimize (game developer) confusion and rewriting.
Help us help you: attach a .love.

User avatar
Sardtok
Party member
Posts: 108
Joined: Thu Feb 21, 2008 2:37 pm
Location: Norway/Norge/諾威/挪威 (Yes, I'm teh back!)
Contact:

Re: Sandboxing (poll)

Post by Sardtok » Fri Jun 26, 2009 10:57 pm

How about something like security certificates, similar to Java, where they user has to accept that a game might run evil code.
That way, people who want to use io instead of love.filesystem and os instead of, uhm, (nothing…?), can do that.
All the others can make games that are happy and safe and doesn't need the user to tell it that it may go ahead and lolify their system.

I think this has been suggested before too. Of course, you could probably skip the whole certificate things, and just ask when people run evil programs.
Take off every Zigg for great rapist.
Now, outgay that!

User avatar
osgeld
Party member
Posts: 303
Joined: Sun Nov 23, 2008 10:13 pm

Re: Sandboxing (poll)

Post by osgeld » Fri Jun 26, 2009 11:56 pm

the problem with people is as soon as you imply that it could be evil, it becomes massively evil to them

User avatar
Xcmd
Party member
Posts: 211
Joined: Fri Feb 13, 2009 10:45 pm

Re: Sandboxing (poll)

Post by Xcmd » Sat Jun 27, 2009 3:56 am

I voted Yes, but only because I lean only slightly that direction. For the most part I am indifferent.
We don't borrow, we don't read, we don't rent, we don't lease, we take the minds!

User avatar
bartbes
Sex machine
Posts: 4946
Joined: Fri Aug 29, 2008 10:35 am
Location: The Netherlands
Contact:

Re: Sandboxing (poll)

Post by bartbes » Sat Jun 27, 2009 6:57 am

I'm kind of thinking about making io read-only, and preferably even home only.

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests