In general you should just remove the functions at compile time instead of removing them at runtime in the VM. Another thing that you might consider a security issue is your makesafeph function. In general it is not as simple as a few regex replaces.

On Mar 18, 2017 9:24 PM, "David F" wrote:
On 18/03/17 11:52 PM, Soni L. wrote:
> There are no exploits with *signed* bytecode (if you use a CSPRNG and
> stuff and implement it correctly), except if you have access to the key
> (which only the player should have, NOT the mod author).
> For large mods, they could pre-compile themselves on the user's machine
> to speed up loading.

Let me recap to see if I understand you correctly. Your concept is basically:
- Generate a key the first time my extension runs on a user's PC
- When running a new mod, compile it to bytecode and sign it with that key for faster loading times in the future

Keeping the bytecode for loading times is a good idea, but for now I want to keep it simple. And wouldn't it be easier to store it in a separate directory the mod has no access to? No need for cryptography.

Also, I don't want to be unthankful, but my question was if there are flaws in the current implementation of my sandbox. I have never done sandboxing before and as far as I understand security, details (which I don't have the experience to notice) can really matter.