- Subject: Sandbox implementation, attempt #2
- From: "David F" <kumpuu@...>
- Date: Sun, 19 Mar 2017 02:24:24 +0100
On 18/03/17 11:52 PM, Soni L. wrote:
> There are no exploits with *signed* bytecode (if you use a CSPRNG and 
> stuff and implement it correctly), except if you have access to the key 
> (which only the player should have, NOT the mod author).
> 
> For large mods, they could pre-compile themselves on the user's machine 
> to speed up loading.
Let me recap to see if I understand you correctly. Your concept is basically:
- Generate a key the first time my extension runs on a user's PC
- When running a new mod, compile it to bytecode and sign it with that key for faster loading times in the future
Keeping the bytecode for loading times is a good idea, but for now I want to keep it simple. And wouldn't it be easier to store it in a separate directory that the mod has no access to? No need for cryptography.
Also, I don't want to be unthankful, but my question was if there are flaws in the current implementation of my sandbox. I have never done sandboxing before and as far as I understand security, details (which I don't have the experience to notice) can really matter.
--David
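
The signed-bytecode cache recapped in the message above, as an added example that is not part of the original thread or of either poster's code. It assumes Python's `marshal` bytecode as a stand-in for the mod's compiled form and HMAC-SHA256 with a per-install key as the "signature" (the same machine signs and verifies); the function and mod names are hypothetical.

```python
import hashlib
import hmac
import marshal
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def generate_install_key() -> bytes:
    """Per-install secret from the OS CSPRNG, created once on first run."""
    return secrets.token_bytes(32)


def build_cache_entry(key: bytes, mod_name: str, source: str) -> bytes:
    """Compile mod source and return tag || bytecode for the on-disk cache."""
    bytecode = marshal.dumps(compile(source, mod_name, "exec"))
    # Bind the tag to the mod name so entries cannot be swapped between mods.
    tag = hmac.new(key, mod_name.encode() + b"\0" + bytecode, hashlib.sha256).digest()
    return tag + bytecode


def load_cache_entry(key: bytes, mod_name: str, blob: bytes):
    """Return a code object if the tag verifies, else None (caller recompiles)."""
    if len(blob) <= TAG_LEN:
        return None
    tag, bytecode = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, mod_name.encode() + b"\0" + bytecode, hashlib.sha256).digest()
    # Constant-time compare; nothing is deserialized until the tag passes.
    if not hmac.compare_digest(tag, expected):
        return None
    return marshal.loads(bytecode)


def run_demo() -> dict:
    key = generate_install_key()
    blob = build_cache_entry(key, "sample_mod", "result = 6 * 7\n")  # constructed mod
    scope = {}
    exec(load_cache_entry(key, "sample_mod", blob), scope)  # real host: run in its sandbox
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01  # simulate a mod editing its own cached bytecode
    return {
        "result": scope["result"],
        "tampered_rejected": load_cache_entry(key, "sample_mod", bytes(tampered)) is None,
        "renamed_rejected": load_cache_entry(key, "other_mod", blob) is None,
    }


if __name__ == "__main__":
    print(run_demo())
```

The scheme only holds if the key is stored where the mod cannot read it, and a rejected entry should fall back to recompiling from source rather than loading anything from the cache.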