Love security flaw
- Taehl
- Dreaming in associative arrays
- Posts: 1025
- Joined: Mon Jan 11, 2010 5:07 am
- Location: CA, USA
Love security flaw
I was checking out the Lua documentation, and noticed a little function called io.popen. What it does is execute a specified program. I checked, and io.popen is available in Love 0.7. I think it should be blocked - Love games have no need to execute other programs. Amongst other uses, someone could make a Love game which contains a malicious binary as a string, which writes it to a file and then executes it.
Earliest Love2D supporter who can't Love anymore. Let me disable pixel shaders if I don't use them, dammit!
Lenovo Thinkpad X60 Tablet, built like a tank. But not fancy enough for Love2D 0.10.0+.
- Robin
- The Omniscient
- Posts: 6506
- Joined: Fri Feb 20, 2009 4:29 pm
- Location: The Netherlands
Re: Love security flaw
There was heavy opposition when some people (including me) suggested that LÖVE should be sandboxed.
SELÖVE is my fork of LÖVE that does exactly that --- it hasn't been updated for a while though.
Help us help you: attach a .love.
- Taehl
- Dreaming in associative arrays
- Posts: 1025
- Joined: Mon Jan 11, 2010 5:07 am
- Location: CA, USA
Re: Love security flaw
Couldn't the Lua statement io.popen=nil simply be run before main.lua is opened?
Earliest Love2D supporter who can't Love anymore. Let me disable pixel shaders if I don't use them, dammit!
Lenovo Thinkpad X60 Tablet, built like a tank. But not fancy enough for Love2D 0.10.0+.
- Robin
- The Omniscient
- Posts: 6506
- Joined: Fri Feb 20, 2009 4:29 pm
- Location: The Netherlands
Re: Love security flaw
Taehl wrote:Couldn't the Lua statement io.popen=nil simply be run before main.lua is opened?
That is in essence what SELÖVE does (among other things). People thought it was needlessly limiting their right to fuck up other people's computers or something, that's why it's not in vanilla LÖVE.
Help us help you: attach a .love.
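As an added example (this is not code from LÖVE or from the SELÖVE fork), here is what the "run io.popen = nil before main.lua" idea from the two posts above looks like in Lua 5.1, the version LÖVE 0.7 ships with. Deleting io.popen on its own is not enough, because os.execute spawns a process just as well, package.loadlib and require's native searchers can pull a C module back in, and the debug library can reach into any wrapper; the stub therefore removes those neighbours too and checks that a call to io.popen now fails. The function names, the TO_REMOVE list and the plain loadfile("main.lua") boot step are assumptions for illustration; LÖVE's real boot sequence loads the game through love.filesystem.

```lua
-- Added example, not LÖVE or SELÖVE code. Lua 5.1 style (LÖVE 0.7 era).
-- Apply the thread's "io.popen = nil" before the game's main.lua runs, and
-- also close the neighbouring doors that hand the same capability back.
-- strip_process_access, run_game, check and the path "main.lua" are
-- assumed names for illustration only.

-- Each entry is a library table name and a field to delete from it.
local TO_REMOVE = {
  -- spawn a process: io.popen is the one raised in the thread, but
  -- os.execute does the same job via the shell, so it has to go too
  { "io", "popen" }, { "os", "execute" },
  -- unrestricted filesystem access; love.filesystem is the sanctioned path
  { "io", "open" }, { "io", "lines" }, { "io", "output" }, { "io", "input" },
  { "os", "remove" }, { "os", "rename" }, { "os", "tmpname" },
  -- load an arbitrary native shared library into the process
  { "package", "loadlib" },
}

-- Delete the listed functions and return the names actually removed.
local function strip_process_access()
  local removed = {}
  for _, entry in ipairs(TO_REMOVE) do
    local lib, field = entry[1], entry[2]
    local t = _G[lib]
    if type(t) == "table" and t[field] ~= nil then
      t[field] = nil
      removed[#removed + 1] = lib .. "." .. field
    end
  end
  -- require() could still pull in a C module through its native searchers;
  -- keep only the preload (1) and Lua-file (2) searchers and empty cpath.
  local searchers = package.loaders or package.searchers  -- 5.1 / 5.2+ name
  for i = #searchers, 3, -1 do
    table.remove(searchers, i)
  end
  package.cpath = ""
  -- the debug library can reach into closures and metatables and undo any
  -- wrapper; a shipped game has no use for it at run time.
  _G.debug = nil
  package.loaded.debug = nil
  return removed
end

-- Hypothetical boot step: strip first, then load and run the game chunk.
local function run_game(path)
  strip_process_access()
  local chunk, err = loadfile(path)
  if not chunk then
    return false, err
  end
  return pcall(chunk)
end

-- Self-check: after stripping, calling io.popen must raise an error inside
-- the sandbox instead of starting a process.
local function check()
  local removed = strip_process_access()
  assert(io.popen == nil and os.execute == nil, "stripping failed")
  local ok, err = pcall(function() return io.popen("id") end)
  assert(not ok and tostring(err):find("attempt to call"), "io.popen still callable")
  print("removed: " .. table.concat(removed, ", "))
  -- the game is started only once the checks have passed
  return run_game("main.lua")
end

return { strip_process_access = strip_process_access, run_game = run_game, check = check }
```

Two caveats worth keeping in mind. First, this is a deny list, and deny lists are fragile: a stronger sandbox builds a fresh environment table containing only approved globals and runs main.lua in it with setfenv, so that anything not explicitly allowed is simply absent. Second, it only narrows what Lua code can do; as later replies in the thread point out, a native binary or library shipped alongside the game runs outside the interpreter and is untouched by any of this.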
- nevon
- Commander of the Circuloids
- Posts: 938
- Joined: Thu Feb 14, 2008 8:25 pm
- Location: Stockholm, Sweden
Re: Love security flaw
I've actually been using that to open the user's default web browser when they click on a "link". Could be used for credits, but it could also be used if people need to register on some website to be able to play the game.
I do see how it's a security risk, but honestly, if the user is running your software you can do malicious shit even if io.popen is disabled.
Re: Love security flaw
Taehl wrote:I was checking out the Lua documentation, and noticed a little function called io.popen. What it does is execute a specified program. I checked, and io.popen is available in Love 0.7. I think it should be blocked - Love games have no need to execute other programs. Amongst other uses, someone could make a Love game which contains a malicious binary as a string, which writes it to a file and then executes it.
I see love2d not only as a game platform (which it originally is), but also as a useful environment where you can run small applications and utilities which are good looking, multiplatform and fun. As a linux user, I am able to create the executable for windows users without touching any windows system - which is really great. So if you need to block it, just do it in your game, but please do not do it for the whole platform.
My lovely code lives at GitHub: http://github.com/miko/Love2d-samples
- Taehl
- Dreaming in associative arrays
- Posts: 1025
- Joined: Mon Jan 11, 2010 5:07 am
- Location: CA, USA
Re: Love security flaw
miko wrote:So if you need to block it, just do it in your game, but please do not do it for the whole platform.
... That makes no sense. How is it any safer to politely ask an attacker to disable it?
Earliest Love2D supporter who can't Love anymore. Let me disable pixel shaders if I don't use them, dammit!
Lenovo Thinkpad X60 Tablet, built like a tank. But not fancy enough for Love2D 0.10.0+.
- nevon
- Commander of the Circuloids
- Posts: 938
- Joined: Thu Feb 14, 2008 8:25 pm
- Location: Stockholm, Sweden
Re: Love security flaw
miko wrote:So if you need to block it, just do it in your game, but please do not do it for the whole platform.
Taehl wrote:... That makes no sense. How is it any safer to politely ask an attacker to disable it?
Isn't the best solution to have the user not be an idiot and only run applications they trust? I really see it as a hindrance to throw in a bunch of artificial limitations that may prevent some "attacks" (though the attacker can just use another method), while definitely preventing lovers from doing legitimate, cool stuff.
- tentus
- Inner party member
- Posts: 1060
- Joined: Sun Oct 31, 2010 7:56 pm
- Location: Appalachia
Re: Love security flaw
Now that Nevon has made his case, I'd say I'm swayed. I can easily imagine a malicious individual working around any limitations we try and put up, and what Robin is suggesting is a feature removal, plain and simple. Shouldn't we be trying to expand what Love can do, not pare it down?
Kurosuke needs beta testers