Crossfire RPG game / Feature Requests / #81 Restrict scripts for better security

#81 Restrict scripts for better security

Status: open

Owner: nobody

Labels: server (84)

Priority: 7

Sponsored:

Updated: 2019-01-05

Created: 2006-08-31

Creator: Andrew Fuchs

Private: No

The Python plugin and any other plugin implimented in
the future that allows similar flexibility, should
restrict i/o to only what it may need to access.
Currently the scripts can access whatever the server
can access. This becomes a problem when non-standard
map distributions are installed, which contain a
malicious scripts. If more flexibility is needed by a
particular script, a whitelist could be used.

Discussion

Kevin Zheng - 2013-12-27

Running scripts in a sandbox or another form of restricted context seems useful. Right now a badly-written script can change the global state and cause the server to freeze or shut down.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kevin Zheng - 2013-12-27

Group: -->

Priority: 3 --> 7
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.