Logic and (&&) is unsupported?

Learn about OpenMW mod compatibility, check for problematic mods, discuss issues, and give us feedback about your experience with modded OpenMW.
User avatar
AnyOldName3
Posts: 1032
Joined: 26 Nov 2015, 03:25

Re: Logic and (&&) is unsupported?

Post by AnyOldName3 » 23 Jan 2018, 01:24

This is usually the bit where I mention that adding Mono support would be nice as we'd immediately get support for lots of languages with good interoperability, and if we did a comparatively small amount of work to make MWScript compile to .NET bytecode, they'd all interoperate with that, too. Once I suggest that, Zini or Scrawl usually say that it would add a very big dependency to the project without necessarily adding that much in the way of benefits and there's usually another complaint, too, but I can't remember what it is right now. I still think that it would be nice, though.
AnyOldName3, Master of Shadows

User avatar
jirka642
Posts: 117
Joined: 23 Aug 2014, 11:39
Location: Czech Republic
Contact:

Re: Logic and (&&) is unsupported?

Post by jirka642 » 23 Jan 2018, 12:46

AnyOldName3 wrote:
23 Jan 2018, 01:24
and there's usually another complaint, too, but I can't remember what it is right now.
Security. Many languages have problems with sandboxing, so you could theoretically get viruses from OpenMW mods.
On GitHub as kunesj, on GitLab as kunesj.
OS: Linux Mint 18, CPU: Intel Core i5-3330, RAM: 16GB, GPU: GeForce GTX 650Ti, OpenMW: from source

User avatar
AnyOldName3
Posts: 1032
Joined: 26 Nov 2015, 03:25

Re: Logic and (&&) is unsupported?

Post by AnyOldName3 » 23 Jan 2018, 14:47

You already run that risk with regular Morrowind mods that require MWSE and other script extender based mods for the later games. Once you allow arbitrary code, you're allowing arbitrary code. If a user wants to download malicious software, I would be surprised if OpenMW was the one thing standing between them succeeding to ruin their computer and failing to ruin their computer.
AnyOldName3, Master of Shadows

User avatar
raevol
Posts: 2743
Joined: 07 Aug 2011, 01:12
Location: Caldera

Re: Logic and (&&) is unsupported?

Post by raevol » 24 Jan 2018, 00:48

I thought we already had a proof-of-concept of python and Lua being implemented?

The issue with Python is that mods can harbor malicious code that changes the host system?

Am I remembering wrong that Lua was also proof-of-concepted?

User avatar
AnyOldName3
Posts: 1032
Joined: 26 Nov 2015, 03:25

Re: Logic and (&&) is unsupported?

Post by AnyOldName3 » 24 Jan 2018, 02:43

Any 'real' language can harbour malicious code unless we implement our own interpreter/JIT and leave out huge components of the standard library and any language features allowing it to interface with native code. This usually kills the language and just gives you a new, less powerful, less useful, but safer language with similar syntax. It also doesn't make it impossible for a malicious mod to break out of the sandbox by exploiting some bug.

If we put too many restrictions in place, we end up with mess like script extenders loading DLLs at runtime, which has the exact same problems but just adds extra steps.
AnyOldName3, Master of Shadows

User avatar
raevol
Posts: 2743
Joined: 07 Aug 2011, 01:12
Location: Caldera

Re: Logic and (&&) is unsupported?

Post by raevol » 24 Jan 2018, 03:39

I thought Lua was designed to be sandboxed into a program? I am only peripherally familiar with this feature of it though, so correct me if I am wrong. I thought that's why lots of engines used it for scripting.

Chris
Posts: 1469
Joined: 04 Sep 2011, 08:33

Re: Logic and (&&) is unsupported?

Post by Chris » 24 Jan 2018, 04:25

AnyOldName3 wrote:
23 Jan 2018, 14:47
Once you allow arbitrary code, you're allowing arbitrary code.
Which is a good reason to not allow arbitrary code execution.
If a user wants to download malicious software, I would be surprised if OpenMW was the one thing standing between them succeeding to ruin their computer and failing to ruin their computer.
No user wants to download malicious software (unless they're specifically testing it). People who are careless will eventually get themselves infected, but that doesn't mean it's okay to open the flood gates and force people to treat every OpenMW mod as if it was an executable. Why should we require people to be meticulously careful about who made an OpenMW mod, where they downloaded it from, and to have a virus checker ready for it regardless, if we don't have to? Nobody is perfect, even the most security- and safety-conscious person will occasionally slip and make a mistake, and we shouldn't enable another attack vector if we don't need to.

User avatar
AnyOldName3
Posts: 1032
Joined: 26 Nov 2015, 03:25

Re: Logic and (&&) is unsupported?

Post by AnyOldName3 » 24 Jan 2018, 04:37

Lua is potentially sandboxable, but if, for example, we add file IO support (which is a fairly sensible thing for a mod to want, e.g. so it can read configuration files or output a log or a file the user may want, such as how Sim Settlements for Fallout 4 allows you to write a blueprint for a settlement and then restore from a blueprint so you can share your settlement designs) a mod could break out of the sandbox (e.g. by writing a DLL to the OpenMW directory so that next time it is started, some native code is run which could contain an arbitrary payload, or, even more simly, if the script just deleted everything in the documents folder). We can never allow all the power of a closed-source Bethesda game combined with a script extender unless we make it possible to leave the sandbox. Modders want that power (they use it without OpenMW), and while things can be added to the engine directly, offering users the ability to run arbitrary code is the best defence we have against there being ten zillion incompatible forks of OpenMW and being seen as more work than the base engine.

People will never need to be more careful with an OpenMW mod than they do with a regular Morrowind mod if they use MWSE no matter how many attack vectors we leave.
AnyOldName3, Master of Shadows

User avatar
raevol
Posts: 2743
Joined: 07 Aug 2011, 01:12
Location: Caldera

Re: Logic and (&&) is unsupported?

Post by raevol » 24 Jan 2018, 05:32

AnyOldName3 wrote:
24 Jan 2018, 04:37
People will never need to be more careful with an OpenMW mod than they do with a regular Morrowind mod if they use MWSE no matter how many attack vectors we leave.
Interesting, ok. That's definitely an important point.

User avatar
Zini
Posts: 5445
Joined: 06 Aug 2011, 15:16

Re: Logic and (&&) is unsupported?

Post by Zini » 24 Jan 2018, 09:27

jirka642 wrote:
23 Jan 2018, 12:46
AnyOldName3 wrote:
23 Jan 2018, 01:24
and there's usually another complaint, too, but I can't remember what it is right now.
Security. Many languages have problems with sandboxing, so you could theoretically get viruses from OpenMW mods.
At the risk of sounding like Torvald: Not just no, but *FUCKING HELL NO*. Most problems with sandboxing come from people being morons about implementing sandboxed features or by trying to sandbox something that needs to be so powerful, that it can't be sandboxed reliably. This is not going to happen with the OpenMW scripting language. It does not need to be so powerful that it can cause harm and we will not be dumb about it.

I have yelled in anger at a developer exactly once during the entire development of OpenMW. But if someone tries to get anything into master that puts scripting at risk I will yell again.

I think it it quite apparent that I feel very strongly about this topic.

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 3 guests