Szukaj

tal, rok temu (edited rok temu) do gaming w What is something (feature, modes, settings...) you would like to see become a standard in video games?

One issue is that this can be a vector for malware. I kind of wish that game engines came standard with something like the Javascript engine in browsers, with some sort of sandbox for mods. I’m not saying that that’d solve everything – the game code that the mods invoke probably isn’t hardened – but it’d be better then just having arbitrary modifications go in. Especially with mod systems that auto-download new versions – even if the mod author is on the up-and-up, if someone compromises his account or computer, they’ve compromised all the computers using the mod.

EDIT: This isn’t just a problem specific to mods, either. A lot of online software library systems that provide auto-updates (pip for Python, rvm for Ruby, etc) can be a vector into systems. Providing auto-updates where many, many people have rights to push updates to computers is convenient in terms of getting software working, but unless the resulting code is running sandboxed, it’s creating an awful lot of vectors to attack someone’s system. This isn’t to impugn any one author – the vast bulk of people writing mods and open-source software are upstanding people. But it only takes one bad egg or one author who themselves has their system compromised to compromise a lot of other systems, and in practice, if you’re saying “subscribe to this mod”, you’re doing something that may have a lot of security implications for your system.

Consoles and phones already do a decent job of sandboxing games (well, as far as I know; I haven’t been working on security for either of them, but from what I’ve seen of the systems, they at least aim to achieve that). So maybe someone can compromise an app, but there’s a limited amount they can do aside from that. Maybe dump your name and location and such, but they can’t get control of your other software. However, Linux, Windows, and MacOS don’t have that kind of app sandboxing generally in place. I know that Linux has been working towards it – that’s one major reason for shifting to Wayland, among other things – but it’s definitely not there today.

For servers, I think that part of the way that sysadmins have been trying to deal with this is running containers or VMs on a per-service basis. Looking at !homelab, I see a lot of people talking about containers or VMs. But that’s not really an option today for desktop users who want to run games in a sandbox; it’s not set up automatically, and 3D card support spanning containers is not great today, or at least wasn’t last time I looked at it. I can run Ren’Py games in a firejail today successfully on Linux, but that’s not out-of-box behavior, Steam definitely doesn’t have it in place by default, I have no idea whether it’s possible for WINE (which is important for a lot of Windows games that run on Linux) and at least some if not all of the mechanisms firejail uses for graphics won’t permit for access to the 3D hardware.