Hi,
Some friendly community feedback in regards to C#/Scripting.

The c-sharp scripting files that can be used as part of building a mission do not appear to be sandboxed. What this means is that a malicious mission maker could do things like remove files, connect to the net, access local resources as the current win logon.

My worry is that people will download missions in .mis & .cs format and not understand what is potentially running.

My suggestion to the product team to help this would be:

- Short-term. Put something in the mission reader code that makes the player specifically enable mission files that use the .CS scripting. The default would be 'ignore'. This would then offer some sort of 'opt-in' from running something malicious inadvertently.
- Longer-term. Consider reducing the .NET Code Access Security permissions on the scripting engine you are using, i.e. sandbox but not at FullTrust. I understand this is a design consideration, but security is not worth taking risks for. Additionally, some sort of 'code signing' for the scripting would be useful too.

As the SDK is not released I realize this is just still Work in Progress, but felt I should at least say something to prevent people from executing code without at least understanding the consequences.

More info/discussion here: http://simhq.com/forum/ubbthreads.ph...pting_Fun.html

COD has some amazing potential in this area, I just want to make sure it starts off safely...

EDIT: As pointed out by Kegetys at SimHQ - wouldn't even just connecting to a server and having it download the mission files then allow for remote code to be executed on the client PCs? Is that how it works (not really looked at server mission and how they deploy files to each client). If this is the case then it is perhaps quite urgent to review?

Last edited by fearlessfrog; 05-17-2011 at 07:30 PM. Reason: Connect to MP Server Exploit?
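The longer-term suggestion in the post above (running mission scripts with reduced Code Access Security permissions instead of FullTrust) looks like this on .NET Framework 4. This is an added example, not code from the original post or from the game; it assumes a strong-name-signed host assembly and a script already compiled into an assembly in its own folder, and the names `MissionScript`, `Mission` and `OnStart` are hypothetical.

```csharp
// Added example (not the game's code): run a compiled mission script in a
// partial-trust AppDomain. Requires .NET Framework 4 and a signed host assembly.
using System;
using System.IO;
using System.Reflection;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

public class MissionScriptSandbox : MarshalByRefObject
{
    public static MissionScriptSandbox Create(string scriptDir)
    {
        // Grant only the right to execute managed code: no file, network,
        // registry, reflection or unmanaged-code permissions.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // Script assemblies resolve from their own folder, not the game's.
        var setup = new AppDomainSetup { ApplicationBase = Path.GetFullPath(scriptDir) };

        // Only the signed host assembly stays fully trusted inside the sandbox.
        StrongName host = typeof(MissionScriptSandbox).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (host == null)
            throw new InvalidOperationException("Host assembly must be strong-name signed.");

        AppDomain domain = AppDomain.CreateDomain("MissionScripts", null, setup, grant, host);
        ObjectHandle handle = Activator.CreateInstanceFrom(
            domain,
            typeof(MissionScriptSandbox).Assembly.ManifestModule.FullyQualifiedName,
            typeof(MissionScriptSandbox).FullName);
        return (MissionScriptSandbox)handle.Unwrap();
    }

    // Executes inside the sandbox domain. Returns null on success, or a
    // description of the failure (a blocked call shows up as SecurityException).
    public string Run(string assemblyName, string typeName, string method)
    {
        try
        {
            MethodInfo target = Assembly.Load(assemblyName).GetType(typeName).GetMethod(method);
            target.Invoke(null, null);
            return null;
        }
        catch (TargetInvocationException ex)
        {
            return ex.InnerException.GetType().Name + ": " + ex.InnerException.Message;
        }
    }
}
```

A host would call `MissionScriptSandbox.Create(folder).Run("MissionScript", "Mission", "OnStart")` and treat any non-null result as a script that tried to exceed its grant.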