quote:Original post by Extrarius
The problem with the scripting language idea is that it is more complex. The more complex something is, the easier it is for bugs to be introduced. The more bugs there are, the easier it is to abuse. If you use a static array somewhere in your VM and you don't do bounds checking every time you access it (among other checks), you could easily end up with a buffer overflow, or some other 'simple exploit'. The problem exists even if you don't use your scripting language for the network protocol, but it's harder to exploit because the hacker will have to make a level with the bad script and get people to run it. If it's run automatically from the network, he/she can just join a game and send the malicious code across the internet and he now has total control over their PC and can do whatever he wants including running arbitrary code.
[edited by - Extrarius on February 13, 2003 1:54:54 PM]
I agree with you. But if I may:
A scripting language is actually simpler. Especially one where, when you do RPC, you actually send the line of code that gets re-interpreted by the VM. That makes for a very simple server.
You are missing the point that if the VM you wrote does not give access to OS-level features of the machine, the hacker CANNOT get access to them. That means no script function to open a file, no script function to write to a file, etc. Only game-related stuff. If some script needs to access an OS feature, it should do it in a high-level way, where the details of access are not controlled by the script call, but by the need of the call. E.g. if you want to load a model, you don't open the file, you request to load the model with its name. I will agree that most of the time, it is not a trivial task, but for a video game, the actions that can be done using a script language can be implemented without giving control of the OS features.
It has been done before, you know. Python has a sandbox, Java has a sandbox, many other tech I don't know about have a sandbox.
Stop spreading FUD, people. A network command is a network command whatever way you send it. There is nothing different to sending a line of code than sending some chunk of data to a server with a CommandId and command arguments.
[edited by - Gorg on February 13, 2003 2:17:38 PM]
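The two points raised in this exchange, shown together as an added example that is not part of either post: a minimal bytecode VM in C that bounds-checks every access to its static stack and exposes only a game-level "load model" operation that takes an index into a fixed table, never a path. The opcode set, error codes and model table are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed opcode set and error codes; none of these names come from the thread. */
enum { OP_PUSH = 0, OP_ADD = 1, OP_LOAD_MODEL = 2, OP_HALT = 3 };
enum { VM_OK = 0, VM_ERR_STACK = -1, VM_ERR_OPCODE = -2, VM_ERR_TRUNCATED = -3, VM_ERR_MODEL = -4 };

#define STACK_MAX 16

/* A script names a model by index into this fixed table; it never supplies a file path. */
static const char *const MODELS[] = { "crate", "door", "player" };
#define MODEL_COUNT (sizeof MODELS / sizeof MODELS[0])

/* Runs untrusted bytecode. On VM_OK, *model_out is the last model requested (or NULL). */
int vm_run(const uint8_t *code, size_t len, const char **model_out)
{
    uint32_t stack[STACK_MAX];   /* unsigned, so OP_ADD wraps instead of invoking UB */
    size_t sp = 0, pc = 0;
    *model_out = NULL;
    while (pc < len) {
        uint8_t op = code[pc++];
        switch (op) {
        case OP_PUSH:
            if (pc >= len) return VM_ERR_TRUNCATED;    /* operand byte missing */
            if (sp >= STACK_MAX) return VM_ERR_STACK;  /* would write past stack[] */
            stack[sp++] = code[pc++];
            break;
        case OP_ADD:
            if (sp < 2) return VM_ERR_STACK;           /* would read below stack[0] */
            stack[sp - 2] += stack[sp - 1];
            sp--;
            break;
        case OP_LOAD_MODEL:
            if (sp < 1) return VM_ERR_STACK;
            sp--;
            if (stack[sp] >= MODEL_COUNT) return VM_ERR_MODEL;  /* index outside table */
            *model_out = MODELS[stack[sp]];
            break;
        case OP_HALT:
            return VM_OK;
        default:
            return VM_ERR_OPCODE;                      /* unknown opcodes are rejected */
        }
    }
    return VM_ERR_TRUNCATED;                           /* ran off the end without OP_HALT */
}
```

Every rejection path returns before touching `stack[]` or `MODELS[]`, so malformed bytecode received from the network ends the script rather than corrupting memory.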