Page 2 of 4

Re: Complete Lack of Viral Capability

Posted: Tue Jun 01, 2010 7:28 pm
by Robin
Perhaps you want to prevent from getting into jail?

Re: Complete Lack of Viral Capability

Posted: Tue Jun 01, 2010 7:58 pm
by Jasoco
pygy wrote::-| ... I meant Robin, sorry... The night has been very short.
It's nice to see my name stays in your memory even when I'm not around.

Re: Complete Lack of Viral Capability

Posted: Tue Jun 01, 2010 8:00 pm
by bartbes
How could he not when he screamed it last night?

:O, I just realized what I did, I should keep this stuff on IRC...

Re: Complete Lack of Viral Capability

Posted: Tue Jun 01, 2010 8:52 pm
by Robin
bartbes wrote::O, I just realized what I did, I should keep this stuff on IRC...
And yet you click submit...

Anyway, this is the reason we should have Project LoveChild (I'll work on it this summer).

Also, the title of this subject keeps tricking me into believing this is about something completely different. And now, for something completely different...

Re: Complete Lack of Viral Capability

Posted: Tue Jun 01, 2010 11:58 pm
by Luiji
I don't see the problem with sandboxing. It's not like games need that much ability to run. Heck, the XBOX 360 edition that I'm working on will be like working in a sandbox, since you really can't do that much in XBOX 360 other then run your game and save game data.

We could always have a "safe mode" (like love-safe or love --safe) that would cause the game to have limited ability. Better yet, the game would start out sandboxed and, if required, would request permission with love.sandbox.unlock() or something and LOVE would ask the user for permission.

Re: Complete Lack of Viral Capability

Posted: Wed Jun 02, 2010 9:51 pm
by snake
I don't want any Sandbox for Love.
I prefer less security and being not limited on what I can do with it.
Maybe some runtime option for running unknown code in a restricted mode would be handy but Sandbox should NOT be default.

Re: Complete Lack of Viral Capability

Posted: Wed Jun 02, 2010 10:12 pm
by Benamas
Luiji wrote:Something that could make this project very popular is to remove the ability for viruses to infect systems. This means stuff such as:
- Removing the Lua I/O functions and forcing programs to use the safer love.filesystem module.
- Preventing the ability to start external processes (so that it won't extract an executable and run it).
- Preventing "require" from being used and going back to the love.filesystem.require system to prevent the library from requiring files outside of the percieved safe paths (the game directory and the configuration directory).
if this happens and LOVE is declared/assumed to be 'safe' then an unexpected exploit could be used for malicious intent, the possibility of someone foolishly running bad code actually increases since nobody would suspect a .love file to have a malicious capability

never run unknown/untrusted scripts/programs is the only way to prevent viruses, its not the api developer's responsibility

Re: Complete Lack of Viral Capability

Posted: Wed Jun 02, 2010 10:22 pm
by bartbes
Also, keep in mind love is actually a framework, i.e. a lib. (albeit pretty invasive)

Re: Complete Lack of Viral Capability

Posted: Wed Jun 02, 2010 10:40 pm
by Robin
I don't know about other people, but for me sandboxing LÖVE isn't so much to make it “safe” as for the reason that a game has no business with most of my data.

And as for those applications that do require outside access: they are applications, not games. Therefore, if you want to do it properly, use a framework that is fit for the purpose. LÖVE is a 2D game engine/framework, anything made with LÖVE outside that area is a novelty plaything at best.

EDIT: L33T

Re: Complete Lack of Viral Capability

Posted: Thu Jun 03, 2010 1:11 am
by Luiji
You know, with the concept of the source always being accessible, there really is no need for sandboxing as long as we players just run do a quick look through the code.