'untrusted' code

Questions about the LÖVE API, installing LÖVE and other support related questions go here.
Forum rules
Before you make a thread asking for help, read this.
User avatar
pgimeno
Party member
Posts: 3686
Joined: Sun Oct 18, 2015 2:58 pm

Re: 'untrusted' code

Post by pgimeno »

gfgtdf2 wrote: Tue Sep 15, 2020 9:42 pm The reason why running umc (UserMadeContent) code on the server would require people to limit its cpu usage is simply that the server shouldn't become become unresponsive (for probably many players in case that the server hosts multiple games) if one umc author writes bad code.
Minetest has been running user mods since it was created in... was it 2011?

What has happened in this situation in the case of Minetest, is that the mod in question becomes known for being a lag generator, making it be avoided by server owners. It doesn't happen often, though. Mod authors tend to write bad Lua code, but not that bad.

If you want to protect against that, and e.g. add a timeout that limits the running time for mod code, it's possible too. There's one Minetest mod that allows running untrusted Lua code: the Mesecons Luacontroller. It implements a sandbox with this kind of timeout. Going there is a hell, though, as I earlier said. If you aim at making it immune to deliberate attacks aimed at hanging the server (or at exploitable bugs in a mod that can cause an infinite loop), the JIT must be turned off for the untrusted code, see https://github.com/minetest-mods/mesecons/pull/256 and how the Luacontroller implements it.

Minetest implements some degree of security, to protect server owners, but it's not too paranoid about it. Where it goes really paranoid is when it comes to server-sent client-side mods, which are not yet fully implemented as of this writing due to security concerns.
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 6 guests