Jump to content

  • Log In with Google      Sign In   
  • Create Account


collinstocks

Member Since 31 May 2013
Offline Last Active Jun 05 2013 12:22 PM

Topics I've Started

Safety (executing untrusted AngelScript code)

31 May 2013 - 09:55 PM

I am planning to create an application which is similar to a web browser in some respects: it executes untrusted code in order to manipulate its behavior. In a web browser, this would be the display. In my application, it may be the display or possibly some other things. What is manipulated is not really very important.

 

AngelScript seems to be exactly what I am looking for: it is fast, its syntax is familiar, it can be embedded in an application, it supports multiple contexts (I forget the technical term you use in your documentation), it has good documentation, and it is sandboxed---that is, the script will only have access to the functions I give it access to.

 

I just had a few questions about the safety of running untrusted AngelScript code, and specifically the bytecode.

 

If I provide the AngelScript environment with the function with prototype "void print(const string &in)" (as per an example in the documentation), what is the behavior of a script which calls "print(0)"? Will this fail to compile to bytecode? I would assume that this would probably be the case.

 

How about a different scenario: An evil person (Eve) provides the AngelScript environment with "void print(const int &in)" and compiles her program which calls "print(0)" to bytecode. She then exports the bytecode and sends it over a network to me.

 

I then load the bytecode into an AngelScript VM which is provided the original function with prototype "void print(const string &in)" instead of Eve's version. What is the behavior in this case?

 

More generally, is it safe to load untrusted bytecode into the AngelScript VM assuming that I only provide the AngelScript environment with safe functions? Is there any unrestricted memory access that the bytecode is capable of performing? Is it able to, for example, treat integers as pointers and follow them, or free a pointer and then follow it, or double-free a pointer?

 

 

 

tl;dr: Can I execute untrusted AngelScript bytecode sent from an untrusted server, or should I compile AngelScript code at the client end before running it?

 

 

 

Edit (answer): According to "Things to remember" on this page in the documentation, it is not safe to execute untrusted bytecode. I am really grateful for the extensive documentation you have created!


PARTNERS