• Advertisement
  • Popular Tags

  • Popular Now

  • Advertisement
  • Similar Content

    • By Runemark Studio
      Dark Fantasy Environment and Props





    • By bowcox
      Hi guys! 
      I have created a Pong game that has an AI that is almost beatable, changing the speed of the AI can make it ridiculously easy or hard depending on the way you go about it. 
       
      using System.Collections; using System.Collections.Generic; using UnityEngine; public class ComputerMovement : MonoBehaviour { private float speed; private float reAdjustSpeed = 1f; private Rigidbody2D computer2d; public static bool isTwoPlayer; GameObject theBall; Rigidbody2D rb2d; void Start() { computer2d = GetComponent<Rigidbody2D> (); } void FixedUpdate() { if (isTwoPlayer == true) { speed = 5f; if (Input.GetKey (KeyCode.W)) { computer2d.position += Vector2.up * speed * Time.deltaTime; } if (Input.GetKey (KeyCode.S)) { computer2d.position += Vector2.down * speed * Time.deltaTime; } } if (isTwoPlayer == false) { speed = 3f; if (theBall == null) { theBall = GameObject.FindGameObjectWithTag ("Ball"); } rb2d = theBall.GetComponent<Rigidbody2D> (); //Is the ball going left or right if (rb2d.velocity.x > 0) { if (rb2d.velocity.y > 0) { if (rb2d.position.y > computer2d.position.y) { MoveUp (); } if (rb2d.position.y < computer2d.position.y) { MoveDown (); } } if (rb2d.velocity.y < 0) { if (rb2d.position.y > computer2d.position.y) { MoveUp (); } if (rb2d.position.y < computer2d.position.y) { MoveDown (); } } } //Whilst it's not moving at the paddle, let it gain a slight reset by moving with the ball at a slower pace. if (rb2d.velocity.x < 0) { if (computer2d.position.y < 0) { computer2d.position += Vector2.up * reAdjustSpeed * Time.deltaTime; } if (computer2d.position.y > 0) { computer2d.position += Vector2.down * reAdjustSpeed * Time.deltaTime; } } } } void MoveDown() { if (Mathf.Abs(rb2d.velocity.y) > speed) { computer2d.position += Vector2.down * speed * Time.deltaTime; } else { computer2d.position += Vector2.down * speed * Time.deltaTime; } } void MoveUp() { if (Mathf.Abs (rb2d.velocity.y) > speed) { computer2d.position += Vector2.up * speed * Time.deltaTime; } else { computer2d.position += Vector2.up * speed * Time.deltaTime; } } }  
      I have looked up several posts across many different forums in order to create a much better AI. Most of the posts recommend that I use Raycasts to find out exactly where the ball might hit the paddle. I have looked up how to use them and I'm just completely lost, do raycasts consider collisions and go on infinitely or once they hit a wall, that's where it'll end up? Would anyone be able to help me understand raycasts a little better? 
      If you have another solution that enables me to calculate exactly where the ball will end up on the opponents side, I am more than willing to hear it
      Thanks again if you read this!
    • By eldwin11929
      We're looking for a Unity (C#) Programmer for our 2D Project. We're looking for a new lead programmer to continue with an existing project.
       
      Project is an open-world RTS, and is very close to a prototyping (playable) phase. Our existing lead, unfortunately, has no more time for the project, and thus we are in search of a new one who is interested.
       
      Game is purely fantasy based, and we'll be able to give you much more detailed info about the project as we begin to work you into it.
       
      You'll be working with our junior developer, who has been here since the beginning.
       
      Primary skills needed are just being able to work within Unity. But skills within XML are also a plus.
       
      Our list of major goals we'd need you to do is minimal, yet still fairly extensive:
      -Edit our current Pathfinding system to account for a few extra features.
      -Setup our global map system. You’ll be working off an existing random node-map web generator and existing random map generation system and essentially linking the two together. This includes handling random spawns (which has already been semi-setup) unique to each node’s respective map.
      -Further implementation of an existing random spawning algorithm (used to spawn things like enemies randomly across the Map).
      -Making sure to Save and Record all respective aspects of what was mentioned above.
      -Handling our XML database- database is created, but we’ll need to be integrating it. This includes all various things from units to abilities and so forth. Will also need to handle implementing an object’s unique attributes we cannot take care of within XML.
      -Various Content Implementation (to be done once our XML has been integrated).
      -Various Saving and Recording of all respective aspects of the database info mentioned above.
      -Various Performance Enhancements.
      -Potential for various misc things, such as further UI work.
      -Setting up a Menu system.
       
      We have a considerable amount of things done already- however I must warn ahead of time we have quite a bit of unclean code, which may be fairly overwhelming for a new developer on the project.
       
      Let me know your rates per hour, and we'll see if we can work out a good deal between both of us. Royalties are also included.
       
      If interested, send an email to: eldwin11929@yahoo.com
       
      Thanks!
    • By jhocking
      My bestselling and highly recommended Unity book has been fully revised! Unity in Action, Second Edition teaches you to write and deploy games with the Unity game development platform. You'll master the Unity toolset from the ground up, adding the skills you need to go from application coder to game developer.

      Foreword by Jesse Schell, author of The Art of Game Design

      Don't take my word for it being good, look at the sky-high ratings on GoodReads.

      You can order the ebook directly from the publisher's site, or order the book on Amazon to get both the physical book and a coupon to download the ebook!
    • By ThunderTwonk
      Hello everyone, I am working on a game idea and since I am still in the process of learning C# and the features available in unity I was hoping some of you might be able to offer me a little insight on things in general for getting started.
      I guess the basic components of what I'm wanting to create would be a Multi-levels management/city builder/rpg.
      The goal is to provide a framework for players to interact with, build in and affect the world both from a 3rd person action RPG as well as a zoomed out 4x style view (This would be something unlocked through gameplay)
       
      As for my questions go I was wondering if anyone had resources that could help me learn.  I've been on youtube as well as enrolled in an online course for basic unity and C# and will continue those but if anyone has any words of advice, a place that has good information and tutorials etc.
       
      Thanks for your time.
  • Advertisement
  • Advertisement
Sign in to follow this  

Unity Using whitelisting to run untrusted C# code safely

This topic is 931 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi there! I've been working on a proof-of-concept for a game-maker idea I've had for a while. It boils down to running user-written, untrusted C# code in a safe way. I've gone down the path of AppDomains and sandboxes, using Roslyn to build code on the fly and running the code in a separate process. I have a working implementation up and running, but I've hit some snags.

My biggest issue is that it seems like Microsoft have given up on sandboxing code. See https://msdn.microsoft.com/en-us/library/bb763046%28v=vs.110%29.aspx. They added the "Caution" box a few months back, including this gem: "We advise against loading and executing code of unknown origins without putting alternative security measures in place". To me, it feels like they've deprecated the whole thing.

There is also the issue that AppDomain sandboxing isn't very well supported across platforms. There's no support in Mono. I had hopes for a fix from the CoreCLR, but then I found this: https://github.com/dotnet/coreclr/issues/642 - so no luck there.

So! I've started exploring whitelisting as a security measure instead. I haven't  figured out how big a part of the .NET library I need to include yet, but it feels like I mainly need collections and some reflection stuff (probably limited to messing with public fields). I think I can do all this by examining the code with Roslyn and not allowing namespaces/classes that aren't explicitly listed.
 

I'm comparing my approach with Unity, which does more or less the same thing, e.g exposing only a safe subset of the framework. In their case it's an actual stripped down version of Mono (if I've understood it right), but seems to me the results would be pretty much the same if I get it right.

 

TLDR:

If you have experience with these kind of problems, would you say that is a safe approach? Am I missing something big and obvious here?

Share this post


Link to post
Share on other sites
Advertisement

With reflection, you can circumvent such whitelists.

 

In general, it is not wise to trust user-written code at all. It is unrealistic to assume that one could take into account all possible attack vectors. 

 

In "game makers", the user usually produces just data (or very primitive logic as in LBP), and STILL some users are able to hack the systems via said data.

 

Case in point, I played Mario Maker two days ago and I stumbled upon a level named something like "this will crash the game" - which it indeed did. It is not far-fetched to think that such level could then execute arbitrary code by using the level data as the injection vector, even though presumably the MM level system was not by any means designed to run user code.

 

Case in point 2: by trivially editing some save data of certain Wii games, one used to be able to cause a buffer overflow which could then be used to run arbitrary code, including overwriting the system firmware with a custom one loaded from USB or SD. The trivial edit? Change a save file name to be just slightly longer than the buffer allocated for it. The vulnerable games, which I won't mention here, were not particularly obscure either.

Edited by Nik02

Share this post


Link to post
Share on other sites
I have little experience with C# but I have read into sandboxing a bit in the past. From my knowledge sandboxing works better in some languages than in others (and not at all in a few).

Lua for example should work pretty well because the language constructs available can't be reasonably used to break out of the sandbox or sabotage it. You have to be careful about which 'standard library' functions you give the user though (metatable manipulation and raw* functions are an obvious red flag, but they have a wiki page talking about it). Edited by BitMaster

Share this post


Link to post
Share on other sites
Let's say it like this: I'm pretty certain you cannot break the sandbox without giving a malicious user access to the Lua standard library. The malicious user can still make the Lua VM run out of memory though and the host program has to handle that correctly (mishandled error conditions which usually do not happen are after all a very popular exploit vector). The malicious user can also deadlock a thread unless extra precautions are taken.
Whichever API you inject into Lua (and you have to inject something, unless you just want Lua as a glorified .ini file) must also handle being called in malicious ways.

I don't think you can get much better than Lua for sandboxing purposes though. Out of the box it gives you nothing dangerous and you can control exactly which piece of user code sees what. A lot of other languages can do something like an 'import <feature>' or have access to global objects which you cannot prevent without jumping through a lot of extra hoops.

Share this post


Link to post
Share on other sites

I have some major philosophical problems with the title, I don't see how you can run untrusted code safely in any way.

Either you trust the code and then by definition it's safe enough to run it, or you don't trust the code which means it is unsafe to run by definition. (The latter doesn't need to stop you from running it, it is mostly a slight shift towards expecting malicious behavior by default.)

 

People have been trying to keep crackers out of systems by doing anything you can imagine and a lot more you didn't yet think of, and so far, in the past 25-30 years, they failed. And that is about systems you can only access remotely, by network cable. You let code run on a CPU inside the machine itself! I believe you're just fooling yourself if you think it can be anywhere near safe if you don't trust the code.

 

If you want to make the C# code useful, you must give it some power, which means it is exploitable, even if it's just DoS-ing the local system. You can make it difficult to do harm, but in the end, a malicious person with enough motivation or knowledge cannot be stopped.

Share this post


Link to post
Share on other sites

I have some major philosophical problems with the title, I don't see how you can run untrusted code safely in any way.
Either you trust the code and then by definition it's safe enough to run it, or you don't trust the code which means it is unsafe to run by definition. (The latter doesn't need to stop you from running it, it is mostly a slight shift towards expecting malicious behavior by default.)
 
People have been trying to keep crackers out of systems by doing anything you can imagine and a lot more you didn't yet think of, and so far, in the past 25-30 years, they failed. And that is about systems you can only access remotely, by network cable. You let code run on a CPU inside the machine itself! I believe you're just fooling yourself if you think it can be anywhere near safe if you don't trust the code.
 
If you want to make the C# code useful, you must give it some power, which means it is exploitable, even if it's just DoS-ing the local system. You can make it difficult to do harm, but in the end, a malicious person with enough motivation or knowledge cannot be stopped.


I strongly object to this line of thought. Let's look at StarCraft (the original) and Warcraft 3. A player could go online and browse for games to play with people. While both games came with premade maps, they also contained powerful map editors. When you entered a game with a map you did not have, you automatically downloaded it (as well as having a thriving ecosystem of sites where users could upload, comment and download maps). Apart from the pure map data the maps could also contain significant amount of scripts (after all, that's where the whole Defense of the Ancients concept came from: a Warcraft 3 map which ended up being popular).
That worked because the map scripts were properly sandboxed and to my knowledge there was never any exploit where the risk to a player was ever more than "it's not fun".

Granted, the OP's initial idea of using C# is probably not feasible (but I already wrote about that and talked about alternatives). Care must be taken to properly sandbox things but it has been done in the past and, especially if you only need a limited scope, it is doable.

Share this post


Link to post
Share on other sites

Thanks for the replies so far! I should have explained my situation a bit more. It's about the same as BitMaster's example of WC3 maps. I want to use C# for scripting-type of work. Even when limited, I expect it to be very useful. Some points for context:

  • Users will download mods as code and compile+run them locally. There's no downloading/running of arbitrary .exes or other files. I can examine the code thoroughly before running it.
  • I'll examine the actual semantic model of the code through Roslyn, not match raw code strings.
  • Disallowing the unsafe keyword should avoid problems with buffer overruns, etc. (Well, if I haven't missed something, which is why I'm posting this!)
  • Crashing isn't an issue. I can't help if a mod crashes the sandbox process, but it won't bring down the entire application at least. I imagine mods that crashes the game for you won't be that popular.
  • Allowing reflection isn't a requirement.

I'm interested to hear about specific ideas/examples for how you'd be able to attack this setup, given the constrains I mentioned above. I know it's a tricky thing to guarantee that something is secure, but at the same time I can't come up with a single concrete example in my setup where this would be an actual problem. If you'd like, consider it a challenge! smile.png

 

Side note: I use C# instead of Lua because I prefer that language, and I'm hoping to ride a bit on the XNA/Unity-wave. I can use Roslyn for real-time compiling, giving error messages, providing with intellisense-like tooling, etc. Also, it lets me use a common framework for my engine code and mod code. Basically, it saves me a *ton* of works, which makes this a feasible (more or less...) project for me.

Share this post


Link to post
Share on other sites

Have you considered using a form of ecmascript or javascript as your scripting language? 

 

Javascript has been proven as a reasonable language to sandbox as it is used on websites the world over and it is extremely rare you get javascript exploits which allow execution of unsafe code or intrusion into other sandboxes. 

 

In the grand scheme of things, for the complexity and popularity of the language it is quite secure and there are literally licensed libraries for it...

Share this post


Link to post
Share on other sites
Roslyn cannot make the distinction between good and malicious intents. Something like encrypting all files in "my documents" is just business as usual for the system, but the majority of users certainly don't want a game to do that.

The overarching problem is that it is impossible to recognise harmful code in advance. And when all of your users get hacked by a malicious content pack that slipped past your inspection, it largely becomes your problem. Edited by Nik02

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement