Topic: Security Patch [Relevant for Modders]

koonschi

  • Developer
on: August 12, 2019, 03:17:19 PM
Date: August 12th, 2019

Hey guys,

We're doing a quick security patch today that also affects the Scripting API.

Scripting API

"We're adjusting the Server API privileges to the Client API privileges."
  • Server Scripting API: Removed os.execute() and similar functionality
  • Server Scripting API: Removed all functionality for loading/executing binary files
  • Server Scripting API: Removed functionality to write-access any file on the system
    • Write access only allowed for %AppData%\Avorion\moddata\ and galaxy folder
    • Read access only allowed for %AppData%\Avorion\, installation folder, galaxy folder and folders of enabled mods
    • On unix-based systems, replace %AppData% with ~/.avorion

We still want mods to be able to communicate with external tools, of course. In order to make up for the lost functionality, we'll be adding a socket library in the near future.
#define TRUE FALSE // happy debugging suckers

If you need help, please post in the forum, don't PM me. If there's something that only I can help you with, contact me via mail.
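
The restrictions listed in the post above (no process execution, no binary loading, file access limited to a few folders) can be pictured as a reduced Lua environment plus a path allowlist. The sketch below is an added example, not Avorion's implementation: every path, the folder layout and the names `normalize`, `is_allowed`, `guarded_open` and `sandbox` are assumptions made for illustration, and it handles unix-style absolute paths only.

```lua
-- Added illustration, not Avorion's code. All paths are constructed samples
-- for a unix install; the galaxy, install and mod locations are assumptions.
local HOME = "/home/player/.avorion"
local WRITE_ROOTS = { HOME .. "/moddata", HOME .. "/galaxies/mygalaxy" }
local READ_ROOTS  = { HOME, "/opt/avorion", "/opt/mods/examplemod" }

-- Lexically collapse "." and ".." so "moddata/../x" cannot pass a prefix test.
-- Symlinks are not resolved here; a real host must also resolve them.
local function normalize(path)
  if type(path) ~= "string" or path:sub(1, 1) ~= "/" then return nil end
  local parts = {}
  for seg in path:gmatch("[^/]+") do
    if seg == ".." then
      if #parts == 0 then return nil end
      parts[#parts] = nil
    elseif seg ~= "." then
      parts[#parts + 1] = seg
    end
  end
  return "/" .. table.concat(parts, "/")
end

local function is_allowed(path, mode)
  local p = normalize(path)
  if not p then return false end
  -- "w", "a" and any "+" mode can modify the file, so they need a write root.
  local roots = (mode or "r"):find("[wa+]") and WRITE_ROOTS or READ_ROOTS
  for _, root in ipairs(roots) do
    -- Compare whole components: "moddata-evil" must not match "moddata".
    if p == root or p:sub(1, #root + 1) == root .. "/" then return true end
  end
  return false
end
local function guarded_open(path, mode)
  if not is_allowed(path, mode) then return nil, "access denied" end
  return io.open(path, mode)
end

-- Environment handed to mod code: no os.execute, io.popen, require,
-- package.loadlib, load/loadfile/dofile; io is reduced to the guarded open.
local sandbox = {
  pairs = pairs, ipairs = ipairs, tostring = tostring, type = type,
  string = string, table = table, math = math,
  os = { time = os.time, date = os.date }, io = { open = guarded_open },
}
assert(is_allowed(HOME .. "/moddata/stats.txt", "w"))
assert(not is_allowed(HOME .. "/moddata/../settings.txt", "w"))  -- traversal
assert(not is_allowed(HOME .. "/moddata-evil/x", "w"))           -- prefix trick
assert(is_allowed(HOME .. "/settings.txt", "r"))                 -- read-only area
assert(sandbox.os.execute == nil and sandbox.io.popen == nil)
```

For mod authors the practical check is the same one in reverse: any script that calls `os.execute`, loads a binary module, or writes outside the moddata and galaxy folders will stop working after this patch.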



Hammelpilaw

  • Hero Member
on: August 12, 2019, 04:43:49 PM
"We still want mods to be able to communicate with external tools, of course. In order to make up for the lost functionality, we'll be adding a socket library in the near future."

Awesome. Do you already have any information about how this will work?
Scrap Yard Galaxy
My mods and tools
My Workshop

If you find a bug in my mods please contact me.



koonschi

  • Developer
on: August 12, 2019, 05:23:39 PM
We're probably going to use an established library like lua socket or something similar.