Follow-up Comment #2, bug #15644 (project freeciv):

Yes, security is absolutely a concern. I didn't think about it before but:
Hack access makes sense for the "free scripting" command /lua. However in
reality we should allow this at CTRL access. Ideally, scripts can not
influence the server, only the game, so CTRL access would be more
consistent.

However, every security hole in our script runtime, turns into a remote hole
if we allow CTRL access to /lua. Here is an alternative idea to think about:

Allow "triggers" that are similar to the current signal.connect(..) approach.
You may register any function call as a custom-named trigger:

in ruleset or scenario script:

function create_new_player()
..
end
trigger.connect("createplayer", "create_new_player")

---

Then we add a /trigger command. The gamemaster or anyone with CTRL access may
then say /trigger createnewplayer

So the ruleset may setup triggers like this, and they can be triggered at any
time. However it is not as flexible as /lua. Both could be implemented in
parallel, with /lua only having hack access. Of course, if we gain trust in
our security solution for the script runtime, we can put the "free" version
under CTRL access instead.

    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?15644>

_______________________________________________
  Meddelandet skickades via/av Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

Reply via email to