Jump to content
Nbacon

Security manager discussion

Recommended Posts

1 hour ago, Nbacon said:

Hello,

I would like to know the argument for the security manager. You can do malicious things with it on like read and write files, execute code via the cmd/termal. What is it stopping?

 

If I’m not mistaken I assume you’re speaking about not having the ability to access files outside of the osbot directory and you’re not able to execute new runtimes afaik.

 

This is intended as you said to avoid people from being malicious to other people. There is no need for anyone to access anything outside of that osbot directory so it is restricted for that reason 

Link to post
Share on other sites
1 hour ago, Malcolm said:

There is no need for anyone to access anything outside of that osbot directory 

I 100% agree that sciprts with unknow code should be sandboxed. 

1 hour ago, Malcolm said:

you’re not able to execute new runtimes afaik.

So yes you can make and run code out side of osbot.(example below) You can also read files out side of the osbot folder but not write to them(kinda dumb but ok). 

Quote

@ScriptManifest(author = "Bacon", name = "MAYBEmalicious", info = "malicious", version = 0.0, logo = "")
public class Test1 extends Script {

    @Override
    public void onStart() throws InterruptedException {
        try {
            File file = new File(getDirectoryData() + "/Main.java");
            BufferedWriter output = new BufferedWriter(new FileWriter(file));
            output.write(
                    "import javax.swing.*;\n" +
                            "import java.awt.*;\n" +
                            "\n" +
                            "public class Main{\n" +
                            "\n" +
                            "    public static void main(String[] args) {\n" +
                            "\n" +
                            "        JFrame frame = new JFrame(\"FrameDemo\");\n" +
                            "        frame.setMinimumSize(new Dimension(800, 400));\n" +
                            "        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);       \n" +
                            "\n" +
                            "        JLabel myLabel = new JLabel(\"Hello World !!!\", SwingConstants.CENTER);\n" +
                            "        myLabel.setFont(new Font(\"Serif\", Font.BOLD, 22));\n" +
                            "        myLabel.setBackground(Color.blue);\n" +
                            "        myLabel.setOpaque(true);\n" +
                            "        myLabel.setPreferredSize(new Dimension(100, 80));\n" +
                            "\n" +
                            "        frame.getContentPane().add(myLabel, BorderLayout.NORTH);\n" +
                            "        frame.pack();\n" +
                            "\n" +
                            "        frame.setVisible(true);\n" +
                            "    }\n" +
                            "}");

            output.close();
            Thread.sleep(1000);
            Runtime.getRuntime().exec("javac " + getDirectoryData() + "/Main.java");
            Thread.sleep(1000);

            Runtime.getRuntime().exec("java -cp " + getDirectoryData() + " Main");

        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override
    public int onLoop() throws InterruptedException {
        
        stop();
        return 100000;
    }
}

 

For me It seems like more of an annoyance than a safety measure because it can be "easy*" bypassed.

 

 

Ps congrats on super mod

*Dumb workarounds

  • Like 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...