 |
lua-l archive |
|
|
||
|
On 18/03/17 11:52 PM, Soni L. wrote:
> There are no exploits with *signed* bytecode (if you use a CSPRNG and
> stuff and implement it correctly), except if you have access to the key
> (which only the player should have, NOT the mod author).
>
> For large mods, they could pre-compile themselves on the user's machine
> to speed up loading.
Let me recap to see if I understand you correctly. Your concept is basically:
-Generate a key the first time my extension runs on a users PC
-When running a new mod, compile it to bytecode and sign it with that key for faster loading times in the future
Keeping the bytecode for loading times is a good idea, but for now I want to keep it simple. And wouldn't it be easier to store it in a separate directory where the mod has no access to? No need for cryptography.
Also, I don't want to be unthankful, but my question was if there are flaws in the current implementation of my sandbox. I have never done sandboxing before and as far as I understand security, details (which I don't have the experience to notice) can really matter.
--David