LÖVE

Perhaps you want to prevent from getting into jail?

pygy wrote::-| ... I meant Robin, sorry... The night has been very short.

It's nice to see my name stays in your memory even when I'm not around.

How could he not when he screamed it last night?

:O, I just realized what I did, I should keep this stuff on IRC...

bartbes wrote::O, I just realized what I did, I should keep this stuff on IRC...

And yet you click submit...

Anyway, this is the reason we should have Project LoveChild (I'll work on it this summer).

Also, the title of this subject keeps tricking me into believing this is about something completely different. And now, for something completely different...

I don't see the problem with sandboxing. It's not like games need that much ability to run. Heck, the XBOX 360 edition that I'm working on will be like working in a sandbox, since you really can't do that much in XBOX 360 other then run your game and save game data.

We could always have a "safe mode" (like love-safe or love --safe) that would cause the game to have limited ability. Better yet, the game would start out sandboxed and, if required, would request permission with love.sandbox.unlock() or something and LOVE would ask the user for permission.

I don't want any Sandbox for Love.
I prefer less security and being not limited on what I can do with it.
Maybe some runtime option for running unknown code in a restricted mode would be handy but Sandbox should NOT be default.

Luiji wrote:Something that could make this project very popular is to remove the ability for viruses to infect systems. This means stuff such as:
- Removing the Lua I/O functions and forcing programs to use the safer love.filesystem module.
- Preventing the ability to start external processes (so that it won't extract an executable and run it).
- Preventing "require" from being used and going back to the love.filesystem.require system to prevent the library from requiring files outside of the percieved safe paths (the game directory and the configuration directory).

if this happens and LOVE is declared/assumed to be 'safe' then an unexpected exploit could be used for malicious intent, the possibility of someone foolishly running bad code actually increases since nobody would suspect a .love file to have a malicious capability

never run unknown/untrusted scripts/programs is the only way to prevent viruses, its not the api developer's responsibility

Also, keep in mind love is actually a framework, i.e. a lib. (albeit pretty invasive)

I don't know about other people, but for me sandboxing LÖVE isn't so much to make it “safe” as for the reason that a game has no business with most of my data.

And as for those applications that do require outside access: they are applications, not games. Therefore, if you want to do it properly, use a framework that is fit for the purpose. LÖVE is a 2D game engine/framework, anything made with LÖVE outside that area is a novelty plaything at best.

EDIT: L33T

You know, with the concept of the source always being accessible, there really is no need for sandboxing as long as we players just run do a quick look through the code.