Nbacon 77 Posted December 21, 2020 Share Posted December 21, 2020 (edited) Hello, I would like to know the argument for the security manager. You can do malicious things with it on like read and write files, execute code via the cmd/termal. What is it stopping? Edited December 21, 2020 by Nbacon spelling+grammar Quote Link to post Share on other sites
Malcolm 871 Posted December 21, 2020 Share Posted December 21, 2020 1 hour ago, Nbacon said: Hello, I would like to know the argument for the security manager. You can do malicious things with it on like read and write files, execute code via the cmd/termal. What is it stopping? If I’m not mistaken I assume you’re speaking about not having the ability to access files outside of the osbot directory and you’re not able to execute new runtimes afaik. This is intended as you said to avoid people from being malicious to other people. There is no need for anyone to access anything outside of that osbot directory so it is restricted for that reason Quote Link to post Share on other sites
Nbacon 77 Posted December 21, 2020 Author Share Posted December 21, 2020 1 hour ago, Malcolm said: There is no need for anyone to access anything outside of that osbot directory I 100% agree that sciprts with unknow code should be sandboxed. 1 hour ago, Malcolm said: you’re not able to execute new runtimes afaik. So yes you can make and run code out side of osbot.(example below) You can also read files out side of the osbot folder but not write to them(kinda dumb but ok). Quote @ScriptManifest(author = "Bacon", name = "MAYBEmalicious", info = "malicious", version = 0.0, logo = "") public class Test1 extends Script { @Override public void onStart() throws InterruptedException { try { File file = new File(getDirectoryData() + "/Main.java"); BufferedWriter output = new BufferedWriter(new FileWriter(file)); output.write( "import javax.swing.*;\n" + "import java.awt.*;\n" + "\n" + "public class Main{\n" + "\n" + " public static void main(String[] args) {\n" + "\n" + " JFrame frame = new JFrame(\"FrameDemo\");\n" + " frame.setMinimumSize(new Dimension(800, 400));\n" + " frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); \n" + "\n" + " JLabel myLabel = new JLabel(\"Hello World !!!\", SwingConstants.CENTER);\n" + " myLabel.setFont(new Font(\"Serif\", Font.BOLD, 22));\n" + " myLabel.setBackground(Color.blue);\n" + " myLabel.setOpaque(true);\n" + " myLabel.setPreferredSize(new Dimension(100, 80));\n" + "\n" + " frame.getContentPane().add(myLabel, BorderLayout.NORTH);\n" + " frame.pack();\n" + "\n" + " frame.setVisible(true);\n" + " }\n" + "}"); output.close(); Thread.sleep(1000); Runtime.getRuntime().exec("javac " + getDirectoryData() + "/Main.java"); Thread.sleep(1000); Runtime.getRuntime().exec("java -cp " + getDirectoryData() + " Main"); } catch (IOException e) { e.printStackTrace(); } } @Override public int onLoop() throws InterruptedException { stop(); return 100000; } } For me It seems like more of an annoyance than a safety measure because it can be "easy*" bypassed. Ps congrats on super mod *Dumb workarounds 1 Quote Link to post Share on other sites
