SubSpace Forum Network

Posted
Hrmm why not. We can pay Priit the same as we could pay for the game in stores... But a lot of players are under 18 years old... not much money for games and things... most of them won't pay a cent... Why don't you open another poll topic to ask that of everybody? heh

Posted
As soon as you implement this dll thing, you will open up holes in the security.

Like what? Only plugins the server specifies can be run, there will obviously be a checksum (for the download process) and the thing that says "you cannot rename/move this file as it is in use" dialog when you try to overwrite it with a different dll.

Posted
Allowing user dll's to load into Continuum would be giving access to the process space. Even the menu dll is checked before loading to prevent modification. From a security POV, this would be a very tricky thing to implement.

 

Smong: This basically translates as the plugin system could be used to work out all the internal workings of Continuum for cheaters unless it's VERY carefully done. Obviously this would be a bad thing.

Posted

But who would stop people from spreading a virus or a trojan in the plugins?

.Net has security measures for these kinds of things, but Continuum is not .Net :(

Posted
the plugin system could be used to work out all the internal workings of Continuum for cheaters

How about only SSC zones can use this feature (with a special server that won't be made public). Developers would be given a modified client with the sensitive stuff removed so that they can run a test server to test out their plugin. Since they are running the server on their own machine they can give themselves VIP/sysop to allow the special client.

Posted
Or a malicious zone operator could put code on all the clients that deleted all files, etc.

 

I severely doubt that. The general idea was to write something akin to an API to allow, for example, the manipulation of screen elements. The actual details of what graphics are generated are handled by the plugin but the plugin itself cannot do anything which the client does not support e.g. file manipulation. There MIGHT be the possibility of things like buffer overflow style attacks unless the coding is done very carefully. Other possibilities might be a keylogger (as the functions required by a keylogger are the same as those required for legitimate plugins) but basically NOT things which would cause major trouble.

 

A way round this is to require all plugins to be digitally signed by the SSC before they could be used (so presumably we would need people to check the code before we authorize its use or even testing) or perhaps limit the use of plugins to SSC only zones/trusted developers.

 

Gives the SSC something to do I guess.
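The checksum and signed-plugin ideas raised in the posts above, sketched as an added example that is not part of the thread or of Continuum's code. The plugin name, key and manifest layout are constructed, and HMAC stands in for the digital signature so that only the standard library is needed. Passing this check shows who approved the bytes, not that the code is harmless once loaded into the client's process.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the SSC's digital signature; a real
# client would verify an asymmetric signature (e.g. Ed25519) and hold only the
# public key, so that extracting it from the client does not allow forging.
SSC_DEMO_KEY = b"constructed-demo-key"


def sign_manifest(manifest_bytes: bytes, key: bytes = SSC_DEMO_KEY) -> str:
    """Authority side: tag the manifest that lists approved plugin digests."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def approved_digests(manifest_bytes: bytes, tag: str, key: bytes = SSC_DEMO_KEY) -> dict:
    """Client side: accept the manifest only if its tag verifies."""
    expected = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("manifest tag does not verify")
    return json.loads(manifest_bytes)["plugins"]


def may_load(name: str, plugin_bytes: bytes, approved: dict) -> bool:
    """Decide on the exact bytes that will be loaded, not on a file name.

    Hashing the in-memory copy avoids the gap between checking a file on
    disk and loading it later.
    """
    want = approved.get(name)
    if want is None:  # plugin was never approved
        return False
    got = hashlib.sha256(plugin_bytes).hexdigest()
    return hmac.compare_digest(got, want)


# Constructed sample data: one approved plugin image and a tampered copy.
GOOD = b"\x4d\x5a constructed plugin image"
TAMPERED = GOOD + b"\x90"
MANIFEST = json.dumps({"plugins": {"radar.dll": hashlib.sha256(GOOD).hexdigest()}}).encode()
TAG = sign_manifest(MANIFEST)

if __name__ == "__main__":
    approved = approved_digests(MANIFEST, TAG)
    print(may_load("radar.dll", GOOD, approved))      # approved bytes
    print(may_load("radar.dll", TAMPERED, approved))  # modified after approval
    print(may_load("other.dll", GOOD, approved))      # never approved
```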

Posted

SSC? Hah, that does not sound good at all

But still, what's to stop the plugin (we are talking about DLLs, yes?) from calling normal non-plugin functions? Could easily delete and do other havoc like this.

Posted

If a SSC zone started deleting files off players' computers I think they would get taken off SSC (so their plugin privilege will be removed).

 

Maybe it's possible for the client to remove some malicious function calls before executing the code? Rather like emulators changing the function addresses and stuff. Or someone could make a separate utility program to warn on bad code, then zone owners would get the choice to use someone's plugin or not without having to know about programming.

Posted

I think that's why everyone is panicking. If instead of "plugin" we used the word "scripted language" everyone would assume it's secure. Nothing's finalised yet but I suspect that programmers would be happiest with DLL's.

 

Isn't there any way to simply discard illegal calls? I'd be more worried about the buffer overflow scenario.

Posted

You can't really make a list of all the possible functions of all the libraries in the world and see what is safe :/

A script language would be the only choice as far as I see.

Posted
Wait a minute, are you telling me you can't stop DLL's from calling stuff outside the core?
The fact that you don't know this is why you shouldn't even be talking about it. You won't get your plugin interface unless you rewrite cont yourself, end of story. That goes for a lot of the rest of you.

 

If some of you are academically interested in how it MIGHT be implemented (and why it must be), there are some good examples out there you can find if you know how to use google. I'm pretty sure there was a nice util shipped with BG2 that allowed you to sorta create a custom script lang. One of the practical restrictions of such a language would be NO memory management or pointers.

 

Some articles that sound good (I didn't read/review any for you, sorry) are linked from here and here

 

-numpf

Posted
Well, yes.

 

In that case we need to look at alternative systems.

 

Numpf, the first link you gave provides some interesting solutions (the second link was for books on the topic) but they are geared towards the engine writer's point of view on how to provide scripting. I feel that you clearly believe that Priitk would be no help outside of providing bugfixes to Continuum but I disagree. Even if Priitk were not to implement the system himself, I think that discussion now would aid future development if he passes the sourcecode along.

 

Given that the last person to attempt writing a client (Snrrrub) got banned for doing so, the only hope we currently have lies with convincing Priitk.

Posted

Snrrrub didn't get banned for doing so, he just was never liked and trusted by the "bigshots".

He is/was still working on it, but with his schoolwork and general laziness, he has lazied off on it a lot

Posted
But who would stop people from spreading a virus or a trojan in the plugins?

.Net has security measures for these kinds of things, but Continuum is not .Net :(

 

.net has a built in virus scanner? sounds efficient.

Posted

I've been holding back, but it's time for flame mode.

In that case we need to look at alternative systems.
No -*BAD WORD*-. This is what several people have been saying.
... but they are geared towards the engine writer's point of view on how to provide scripting.
Huh? what other POV do you want?
I feel that you clearly believe that Priitk would be no help outside of providing bugfixes to Continuum but I disagree. Even if Priitk were not to implement the system himself, I think that discussion now would aid future development if he passes the sourcecode along.
Here I must begin to believe that you are mentally challenged. I have explained several times that a 'plugin' interface is something PriitK WON'T do because it's not worth it to him overall. PriitK passing on the sourcecode seems very unlikely, and the top candidate to receive that source seems like it'd be ekted, who has explained what he thinks about this.
Snrrrub didn't get banned for doing so, he just was never liked and trusted by the "bigshots".
More specifically snrrrub has been passed off as an amateur, from what I've seen and heard. There are things you can look for, like a passing suggestion that we should use .NET and compile continuum into microsoft-specific bytecode because it has executable permissions ("managed code"), that mark someone as a newbie.

 

-numpf

Posted

numpf you seem quite intent on proving everyone a newbie! Perhaps you missed my introductory "I am not a programmer"? While you are entitled to your own opinion you aren't being very constructive. Text is a restrictive medium and it's hard to work out exactly what you're implicating, especially if it requires some obscure knowledge.

 

I still firmly believe that we can get some sort of support out of Priitk, even if it means we need to bribe him but at this point in discussion, this is a rather moot point.

 

I'm much more interested in the mechanics that would be involved and the sooner we could begin building a model of how the system would work, the sooner we could bring it into reality.

 

Thank you for the occasional helpful remark and hope you are a bit more constructive in the future.

 

mad.

Posted
If Priit wants to do it, he will do it, and it will not be based on any discussion made here. If Priit does not want to do it, it will not happen. In that case discussing it is pointless, unless you plan on making your own client and getting it accepted by the majority of SS over Continuum. I am not saying this can't happen, but I have not been impressed with the efforts and/or the skill of any who have tried so far. Continuum is our only hope, no matter how depressing that sounds.
This topic is now closed to further replies.
