Love security flaw

BlackBulletIV
Inner party member
Posts: 1261
Joined: Wed Dec 29, 2010 8:19 pm
Location: Queensland, Australia

Re: Love security flaw

Post by BlackBulletIV »

slime wrote:LÖVE is a tool to make game development easier. It's not a sandbox or modding environment like WoW's Lua API, where they're restricting access in order to prevent people from doing unintended things to their game. When we restrict access to LÖVE features from ourselves, we're just shooting ourselves in the foot because we aren't modding a game, we're making a game. If I wanted, I could compile a malicious program that uses Lua's io.popen and distribute it. What's the difference between doing that and creating a löve game that does the same thing? If you're so concerned about security shouldn't you be trying to get io.popen removed from Lua itself?

It's up to the OS and developers themselves to ensure greater security. The tools they use are simply that, tools.
Totally agree; we're not making browser games here (see Flash's, necessary mind you, sandboxing), but desktop games. C++, which a number of indies go with, doesn't give any sandbox whatsoever, giving them freedom to do awesome things with their games.

Sandboxing when making games is a bit like DRM when playing games. Both hamper the ability to freely do something legitimate. It's up to the OS to ensure security, and the users to not be stupid and run something malicious.
crow
Party member
Posts: 186
Joined: Thu Feb 24, 2011 11:47 pm
Location: UK

Re: Love security flaw

Post by crow »

I don't think it should be limited at all. At the end of the day, what if you want to build a game editor and other apps that can all be called from the game?
I for one think blocking things is silly; I could embed this into another exe that also ran other code alongside it that would not even come from love, so it would not stop the bad users at all.

I think leaving it native Lua as much as you can would be a better idea.

Just my 2 cents on it.
:neko:
Sir Kittenface
Möko IDE Codename (Erös) Returns Soon

I am dyslexic so if any of my replies are confusing please just ask me to reword it as this will make things a lot easier for all parties lol.
killer64
Prole
Posts: 14
Joined: Mon Mar 12, 2012 7:55 pm

Re: Love security flaw

Post by killer64 »

ATTENTION - this love program is trying to X
proceed?
[yes] [yes to all] [no] [no to all]

yes would allow the program to do that anytime after the user presses yes
no would do the same but disallow it
and it would tell you if that is capable of doing anything harmful or if it was flagged as malicious or editing system files, etc.
Sometimes, the elegant implementation is just a function. Not a method. Not a class. Not a framework. Just a function.
tsturzl
Party member
Posts: 161
Joined: Fri Apr 08, 2011 3:24 am

Re: Love security flaw

Post by tsturzl »

Love doesn't need security... it's a game engine, not a game platform.

It seems basically 100% useless anyway, seeing as most people who distribute their games distribute the engine with it. If you distribute the engine with it, who's to say you didn't remove the sandbox, or hole punch through the sandbox code anyway. Most people who install love are developers, and if you have the love you can simply look at the code and determine if it's dangerous. It would be pretty obvious that it wasn't focused on performing game logics.

I don't see why this is a recurring subject. You really have to consider that it's only secure if the end user is running the .love file, which isn't how most distribute their game. In fact it's a terrible way to distribute; all your end users aren't going to want to download and install love to play your game.

Is OGRE secure? Is SDL secure? Is Allegro secure? No. XNA even isn't secure, but rather the Xbox's .NET framework is. It's simply not a game engine's job, simply because it can't dictate your code's behavior. If I wanted to ship harmful code ployed as a game.. I wouldn't do it in love, and if there was a sandbox, I'd modify the engine and put the harmful code in there, and ship a bundled EXE.

Perhaps a true compromise would be to sandbox calls like popen to only be able to launch things in the love app data directory or inside the .love file. This way it's not preventing malicious happening but rather preventing any bugs from tampering with your system. That'd be the only real use of a sandbox.
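
The whitelist-environment style of sandbox this thread argues over, as an added example that is not from any poster or from LÖVE's own code: an untrusted chunk is loaded with an environment that has no `io`, `os` or `require`, so a call to `io.popen` fails instead of spawning a process. It assumes a stock Lua 5.1/LuaJIT or 5.2+ interpreter; `make_env` and `run_sandboxed` are hypothetical names, and the example does not limit CPU or memory use.

```lua
-- Added example: run a chunk in a whitelisted environment (no io/os/require).
-- Lua 5.1/LuaJIT use setfenv; Lua 5.2+ pass the environment to load().
local function make_env()
  local env = {  -- only names listed here are visible to the untrusted chunk
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type, unpack = unpack or table.unpack,
    math = {}, string = {}, table = {},
  }
  -- Copy library tables so the chunk cannot modify the host's copies.
  for k, v in pairs(math) do env.math[k] = v end
  for k, v in pairs(table) do env.table[k] = v end
  for k, v in pairs(string) do
    if k ~= "dump" then env.string[k] = v end
  end
  env._G = env
  return env
end

local function run_sandboxed(source, chunkname)
  -- Precompiled bytecode starts with ESC (0x1B); refuse it, because an
  -- environment whitelist gives no protection against crafted bytecode.
  if source:byte(1) == 27 then
    return false, "binary chunks are not allowed"
  end
  local env = make_env()
  local fn, err
  if setfenv then                          -- Lua 5.1 / LuaJIT
    fn, err = loadstring(source, chunkname)
    if fn then setfenv(fn, env) end
  else                                     -- Lua 5.2+
    fn, err = load(source, chunkname, "t", env)
  end
  if not fn then return false, err end
  return pcall(fn)                         -- true, results... or false, message
end

-- Constructed sample chunks: one harmless, two that reach for blocked names.
print(run_sandboxed("return math.max(1, 2)", "=ok"))
print(run_sandboxed("return io.popen('id')", "=popen"))
print(run_sandboxed("return require('os')", "=require"))
```

As tsturzl's post points out, this only constrains code run by an interpreter the user already trusts; a bundled executable can ship without the wrapper.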
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands

Re: Love security flaw

Post by Robin »

LÖVE right now is kind of a hybrid between engine and platform. I think that is a good thing, and neglecting the platform side could really damage LÖVE as a product and as a community. And if LÖVE is going to spread, we need sandboxing so that people who care one bit about security will still use it, and people in the security world won't flag LÖVE as a Trojan hole-in-the-wall.
Help us help you: attach a .love.
slime
Solid Snayke
Posts: 3144
Joined: Mon Aug 23, 2010 6:45 am
Location: Nova Scotia, Canada

Re: Love security flaw

Post by slime »

Do people in the security world flag SDL and SFML and XNA and <game framework here> as "trojan hole-in-the-wall"s? LÖVE's platform side is only really relevant to the small community of forum regulars, not the rest of the world who uses LÖVE or games made with LÖVE (which, right now, is a LOT of people compared to those who only use our forums). In the long run, the forum regulars don't need a 100% secure sandbox nearly as much as people need to be able to make games that the rest of the world will run like any other program.
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands

Re: Love security flaw

Post by Robin »

slime wrote:Do people in the security world flag SDL and SFML and XNA and <game framework here> as "trojan hole-in-the-wall"s?
I can't speak for the latter two, but SDL is very different from LÖVE. LÖVE is a program that allows arbitrary code execution. While SDL itself might have security leaks, it isn't one itself, because it isn't a program that can be used to open files that make it run arbitrary code.

In other words, SDL needs buffer overflows and other security bugs to be a security problem. LÖVE is one of itself.

Congrats on 600 posts. ;)
Help us help you: attach a .love.
tsturzl
Party member
Posts: 161
Joined: Fri Apr 08, 2011 3:24 am

Re: Love security flaw

Post by tsturzl »

Robin wrote:
slime wrote:Do people in the security world flag SDL and SFML and XNA and <game framework here> as "trojan hole-in-the-wall"s?
I can't speak for the latter two, but SDL is very different from LÖVE. LÖVE is a program that allows arbitrary code execution. While SDL itself might have security leaks, it isn't one itself, because it isn't a program that can be used to open files that make it run arbitrary code.

In other words, SDL needs buffer overflows and other security bugs to be a security problem. LÖVE is one of itself.

Congrats on 600 posts. ;)
Love doesn't run arbitrary code, the Lua interpreter does this.

As stated above Love is only a platform to THIS community. No one will flag Love as a trojan, you won't need to worry about people's virus scanners going off listing Love as a security issue. Love, as it is to the end user, is just another engine.

The fact is, if you are a malicious user, you could easily trick someone into downloading anything listed as a game, the end user typically could care less what engine it is. Not to mention, if you are the attacker and you know there's a sandbox, most people distribute a compiled Love engine with their game, bound into a single EXE. Nothing in love can stop the fact that the malicious coder has planted a virus in the engine, or bundled with it.

Simply enough, it's a useless act. It's like a car company putting an air bag in the trunk, no one sits in the trunk. Just like no one is going to be dumb enough to use love to make malicious code. It's dumb, and useless. It gives you no advantages as a malicious developer.

I can see the use of SELove inside the community, and possibly if you made a web plugin. However for distributing, it's just posing a limitation, and not really doing any real good when looking at the big picture.

XNA is a game framework, and Xbox's game platform. It isn't sandboxed, nor is it classified as a security fault. Xbox is sandboxed, for obvious reasons, however XNA provides nothing of the sort. SFML doesn't either. In fact, I've never even heard of a game engine that did. Steam's game engine doesn't even do that, I don't even believe their platform does.

You can continue being stubborn, but these are the blatant facts.
Robin
The Omniscient
Posts: 6506
Joined: Fri Feb 20, 2009 4:29 pm
Location: The Netherlands

Re: Love security flaw

Post by Robin »

Let's not resort to name calling, please.
Help us help you: attach a .love.
zipperipper
Prole
Posts: 45
Joined: Thu Jan 14, 2010 7:59 pm
Location: UK

Re: Love security flaw

Post by zipperipper »

This is the first time I've heard of io.popen (completely looked past it), I could make use of it for myself.
Is it disabled in 0.7.2? I sorta looked through the comments but I am derp
Error 404, consciousness not found.