Open Source Security Concerns

isomorphic · **Joined:** Tue Feb 13, 2007 4:36 pm **Posts:** 92

People concerned about how to safely run untrusted python code should take a look at . It describes a way to automatically generate a python interpreter that is incapable of communicating over a network, writing files, or any other sort of I/O except for reading from stdin and writing to stdout. Any untrusted python code (i.e. code bundled with an age) gets run in this sandboxed python interpreter, and all the file I/O and networking are handled on it's behalf by another program that acts as a gatekeeper. This controller program is responsible for implementing any security restrictions, so if the sandboxed python asks the controller to write a file in an unapproved location, it would simply refuse. The controller would be part of Uru, so it would be code that users got from a trusted source. As long as it's security policies aren't too permissive, the most that clients would be risking by running untrusted code bundled with an age is that the age would break, resulting in a crash to the desktop or linking to relto.

Of course, the above only solves the original problem of allowing the client to run untrusted python code. It doesn't solve any of the problems like flymode, but it does mean that we can make an Uru client that you can trust to never infect or destroy your system (provided you get an un-tampered Uru client from a trusted source).

JWPlatt · **Posted:** Mon Jun 07, 2010 9:28 pm

Consider this a devil's advocate post from an open source believer (and promoter):

For your consideration:

Open-Source Could Mean an Open Door for "Hackers" [quotations added for subjectivity of the word]
http://www.technologyreview.com/computing/25480/

Whilyam · **Joined:** Tue May 09, 2006 1:04 am **Posts:** 4134

The present configuration is an open door for "hackers" already, so I'm not too concerned

Bert_2 · **Posted:** Thu Jun 10, 2010 9:29 pm

Keikoku · **Posted:** Fri Jun 11, 2010 12:40 am

we6jbo · **Joined:** Wed Sep 15, 2010 9:50 pm **Posts:** 3

If there's a reason why the community would want to branch the Uru server/client code then how about creating a compile farm where the developers can submit their sourcecode and the compile farm can create the binaries for the client/server. That way anyone who is downloading a game client knows that the sourcecode is also available on the compile farm's webserver and in no way can the developer alter the code after it has been compiled by the server farm to remove any malicious code. In addition, if you're afraid that the developer could later change the server soucecode to include malicious code then what the server farm could do is after it reveals the source code on the web server, it could then inject authentication code into the source before compiling it so that the client could only connect to servers that have the correct authentication code which would have a public/private key pair as part of the encrypted binary. Hopefully that makes a little sense. If not, I can re clarify.

Open Source Security Concerns

Who is online