fir

theoretical or practical safety of binary (www) plugins?

31 posts in this topic

I never thought about it, so I would like to ask in this case.

Let's assume that instead of loading JavaScript code into a browser you download binary compiled C/asm modules (in the form of DLLs or something like that). Such a DLL should be restricted only to modify client area of web browser but could use full processor and GPU abilities.

Can it be done safely (on Windows especially), or are there some basic problems with doing it safely that disqualify this technology?

 


I'm not sure what you're asking, but you can't run a binary and you can't access the whole file system with JavaScript.

 

If you meant replacing the content of a .js file with the content of an executable file, the browser won't recognize the file as valid JavaScript code and will throw it away immediately. And even if somehow the file is not discarded, the file won't be executed as "starting a new process in the OS"; it will be interpreted as JavaScript code and it will run contained by the security rules of JavaScript.

 

If you meant downloading a file from a page like you do every day, JavaScript is not concerned about that, and the browser won't put any restriction on it. If you downloaded a file you did it manually; if you run that file from the download list of the browser you're doing it manually. The best thing the browser can do is warn you about possible problems of running an executable file that you just downloaded.

 

If you configure the browser to download and open everything automatically and you download and run malicious software you're kinda doing it manually.

 

When the user does something it is his/her fault, and the security problem is much bigger than the browser aspects of security.


I'm not sure what you're asking, but you can't run a binary and you can't access the whole file system with JavaScript.

 

If you meant replacing the content of a .js file with the content of an executable file, the browser won't recognize the file as valid JavaScript code and will throw it away immediately. And even if somehow the file is not discarded, the file won't be executed as "starting a new process in the OS"; it will be interpreted as JavaScript code and it will run contained by the security rules of JavaScript.

 

If you meant downloading a file from a page like you do every day, JavaScript is not concerned about that, and the browser won't put any restriction on it. If you downloaded a file you did it manually; if you run that file from the download list of the browser you're doing it manually. The best thing the browser can do is warn you about possible problems of running an executable file that you just downloaded.

 

If you configure the browser to download and open everything automatically and you download and run malicious software you're kinda doing it manually.

 

When the user does something it is his/her fault, and the security problem is much bigger than the browser aspects of security.

 

I'm asking about a different thing - some solution where you would use native binary plugins (some kind of DLLs), though restricted, instead of interpreted or at least not native things like JS or Java plugins -

I'm curious if it could work safely or, if not, for what reasons.


Microsoft did it with ActiveX, which was... bad, very bad.

Not only is it a huge security risk but on top of that you'd have to provide different executables, at least for x86 and ARM

Yeah, I heard about that (though I was never interested in it as it was already obsolete) - but I'm asking here if such reasons for being not safe are fundamental or if it could be done safely.

The other thing is whether this is worth doing, for the reason you said for example, as it is a major inconvenience.


I'm pretty sure that there exists a C to JavaScript converter.

Now, I'm also pretty sure browsers can convert JavaScript to machine code using JIT technology.

 

So essentially what you describe is already possible. You write C, and at least some of it will be executed using direct machine code.

 

 

Obviously this is probably inefficient because it would go through JavaScript as an intermediate step and JIT compilation is not as optimized as offline optimized compilation, but you get the idea. The machine code has to be generated or checked by a trusted party, I'd expect, though (which is the case with JIT, as it's done by the browser).


@up

I was not asking about JS (though it is interesting too); I'm more interested in whether such a native code module can be done safely, I mean safely restricted. For example, when you run assembly code you have the addressing abilities of assembly language: you can read any address and write to any address, so you possibly can break the whole system - though probably you can disable these reading and writing abilities in such a plugin by setting the properties of virtual pages of RAM or something - I don't know.

The other question is if it is worth doing. The advantage would be that surfers could safely run and test some code like desktop games with no need to unsafely run it in the system - a bit useful, but overall I'm not sure if this would be worth it.


Apart from the ancient ActiveX, there have been some more modern attempts to bring something like that, but I don't think they were widely accepted: Chrome NaCl (Native Client). http://en.wikipedia.org/wiki/Google_Native_Client

 

 

Interesting, yeah, this is something like what I'm talking about.

Curious if games made in JS or as Java applets are much slower than that? I heard that JS is about 5 times slower than native code; Java should be faster probably... I still don't know those things though they are probably well known.


Depending on how you define 'safe' I would argue that neither can be done safely.
 

 

 

Windows programs are anyway strangely unsafe; for example, is it often a need to grant an application the possibility to write data to folders other than its own? - also to change global settings etc.


 

Curious if games made in JS or as Java applets are much slower than that?


This is why The Code Deity invented Benchmarks and gave the Word to the People so that they might spread the Benchmarks to all that they might know Her grace and majesty.

Here's one of Box2D that literally took 10 seconds to find.

 

 

Very interesting - close to what I heard but a bit more in-depth.

JavaScript being slower a couple of times (say about 7x and that order - that is fast, quite fast), Java being 2x slower here (I tested, sometimes Java is faster; some number crunching I tested in Java once was as fast as in C); anyway it is also fast.

ActionScript is faster than JavaScript, and asm.js, a bit unknown to me, is like Java.

So IMO it is worth investing in JavaScript as it is easy to use and interesting.


In answer to the Thread Title.

Anything that is transported from the internet onto a machine and executed there natively just in place is a security risk. Only in a closed environment and for a defined set of commands may it have a lower risk, because it is under control of the management of this closed environment.


In answer to the Thread Title.

Anything that is transported from the internet onto a machine and executed there natively just in place is a security risk. Only in a closed environment and for a defined set of commands may it have a lower risk, because it is under control of the management of this closed environment.

Sure, but the question is whether binary code couldn't be sandboxed as safely as bytecode or script code.


This is another very different question.

 

Bytecode interpreters use a virtual machine to let the code run.

If you want to let native code run in a VM you lose the speed benefits that may exist compared to a Java VM or PHP or Perl.

All the currently existing bytecode languages with their respective VMs have a long time of development behind them. If a solution does not give any benefit over the already available languages, no one will work on the realization of such a technique.


This is another very different question.

 

Bytecode interpreters use a virtual machine to let the code run.

If you want to let native code run in a VM you lose the speed benefits that may exist compared to a Java VM or PHP or Perl.

All the currently existing bytecode languages with their respective VMs have a long time of development behind them. If a solution does not give any benefit over the already available languages, no one will work on the realization of such a technique.

As you see, Google Native Client is doing this; they say:

 

NaCl uses software fault isolation for sandboxing on x86-64 and ARM.[17] The x86-32 implementation of Native Client is notable for its novel sandboxing method which makes use of the x86 architecture's rarely-used segmentation facility.[18] Native Client sets up x86 segments to restrict the memory range that the sandboxed code can access. It uses a code verifier to prevent use of unsafe instructions such as those that perform system calls. To prevent the code from jumping to an unsafe instruction hidden in the middle of a safe instruction, Native Client requires that all indirect jumps be jumps to the start of 32-byte-aligned blocks, and instructions are not allowed to straddle these blocks.[18] Because of these constraints, C/C++ code must be recompiled to run under Native Client, which provides customized versions of the GNU toolchain, specifically GCC and binutils as well as LLVM.

 

(I do not understand what's going on with these 32-aligned blocks, but anyway it seems that I can answer my question: it can be done safely, though with some slowdown (some benchmark mentioned in another thread was saying that it was for example a 30% slowdown). Anyway, I'm not sure if it is so usable. Today's internet seems to be full of so many technologies: Java, Flash, JavaScript, some other things besides this (I know a little about all this).)

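As an added illustration of the rules in the passage quoted above (not part of the thread and not Native Client's own code): a toy C verifier over pre-decoded instruction lengths that rejects block-straddling instructions, system-call instructions, and indirect jumps that are not paired with an alignment mask. The instruction representation, the mask-then-jump pairing and all names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define BUNDLE 32u /* block size named in the quoted text */

/* Toy pre-decoded instruction; a real verifier decodes raw x86 bytes. */
enum kind { K_PLAIN, K_SYSCALL, K_MASK_REG, K_JMP_REG };
struct insn { enum kind kind; uint32_t len; };
enum verdict { V_OK, V_BAD_LEN, V_STRADDLE, V_UNSAFE_INSN, V_UNMASKED_JUMP };

/* Effect of the mask placed before an indirect jump: the low 5 bits are
 * cleared, so the target is always the first byte of a 32-byte block. */
uint32_t mask_target(uint32_t addr) { return addr & ~(BUNDLE - 1u); }

/* One linear pass; code is assumed loaded at a 32-byte-aligned base. */
enum verdict verify(const struct insn *code, size_t n)
{
    uint32_t off = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t len = code[i].len;
        if (len == 0 || len > 15)       /* x86 instructions are 1..15 bytes */
            return V_BAD_LEN;
        /* Rule 1: first and last byte must lie in the same block. */
        if (off / BUNDLE != (off + len - 1u) / BUNDLE)
            return V_STRADDLE;
        /* Rule 2: instructions that leave the sandbox are rejected. */
        if (code[i].kind == K_SYSCALL)
            return V_UNSAFE_INSN;
        /* Rule 3: an indirect jump must directly follow its mask inside the
         * same block, so no block start falls between mask and jump. */
        if (code[i].kind == K_JMP_REG &&
            (i == 0 || code[i - 1].kind != K_MASK_REG ||
             (off - code[i - 1].len) / BUNDLE != off / BUNDLE))
            return V_UNMASKED_JUMP;
        off += len;
    }
    return V_OK;
}

/* Constructed instruction streams: {kind, length in bytes}. */
const struct insn ok_code[] = { {K_PLAIN, 5}, {K_PLAIN, 7}, {K_MASK_REG, 3},
    {K_JMP_REG, 2}, {K_PLAIN, 15}, {K_PLAIN, 4} };
const struct insn straddling[] = { {K_PLAIN, 15}, {K_PLAIN, 15}, {K_PLAIN, 5} };
const struct insn has_syscall[] = { {K_PLAIN, 2}, {K_SYSCALL, 2} };
const struct insn split_pair[] = { {K_PLAIN, 15}, {K_PLAIN, 14},
    {K_MASK_REG, 3}, {K_JMP_REG, 2} };

int main(void)
{
    printf("ok=%d straddle=%d syscall=%d split=%d masked=0x%x\n",
           verify(ok_code, 6), verify(straddling, 3), verify(has_syscall, 2),
           verify(split_pair, 4), (unsigned)mask_target(0x1234567u));
    return 0;
}
```

Because no instruction may cross a block boundary, every block start is also the start of an instruction the verifier has already inspected, and a masked jump can land nowhere else. That is what stops a jump into the middle of a safe instruction, where the bytes could decode as something the verifier never saw.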

Not using a VM but trying to isolate the plugin is a security risk. Using the segment registers makes assumptions about the processors that run the software. On Intel processors this may work, even if it is something that no one should rely on. Being forced to use a different toolchain and to use a 32-bit environment gives lots of trouble while creating the software.

 

If you develop the software and do your tests on a simple PC machine, and you must afterwards cross-compile the software to put it on target, you have added the first source of faults to your development. Reducing the default data width from a 64-bit environment to a 32-bit environment, you will add another source of faults to your development.


Sure, but I know all that; no need to write it to me as I just know it.

As for me, this thread can be closed now.


If you know all that .... why did you start the thread?

Ahhhh. I know too. This is an intelligence test ... you are an alien and check the situation on earth. But I tricked you.


If you know all that .... why did you start the thread?

Ahhhh. I know too. This is an intelligence test ... you are an alien and check the situation on earth. But I tricked you.

I was asking about something different than your answers, for example the exact technical reasons why it cannot be sandboxed safely - but it turned out that it can, so it doesn't matter.


From the starter post:

... only to modify client area of web browser but could use full processor and gpu abilities  ....

This can not be done safely.

 

Because even the google native client has speed implications and cannot access all OS resources. You talked about "full processor and gpu abilities". And there is the difference. If you allow a loss of speed you can safely execute nearly any style of code, even native code. In any other case you start to be "unsafe".

 

The more "unsafe" the execution environment is, the more speed can be achieved. Safety mechanisms always slow things down.


From the starter post:
 

 

... only to modify client area of web browser but could use full processor and gpu abilities  ....

This can not be done safely.

 

Because even the google native client has speed implications and cannot access all OS resources. You talked about "full processor and gpu abilities". And there is the difference. If you allow a loss of speed you can safely execute nearly any style of code, even native code. In any other case you start to be "unsafe".

 

The more "unsafe" the execution environment is, the more speed can be achieved. Safety mechanisms always slow things down.

Probably, but x86 memory protection mechanisms (you know, this setting of attributes on memory pages to make them not readable, not writeable, not executable) are probably quite cheap, so it is probably some way of making this binary sandboxing protection without too much cost (doesn't matter, I'm a bit tired as usual and have moved to other, more gamedev topics now again).


If you make a memory page "not executable" it cannot be executed. That is the very opposite to "native execution". :D

 

It isn't that easy. If it were, it would be done already because the whole internet world depends on the ability to safely execute some code in browsers. And because it has not been reached, to surf without being attacked by trojans and viruses all the time, you see that it is not this easy.
