« previous next »
Pages: 1 2 [3]

Author Topic: Isn't the add on system a bit risky?  (Read 2057 times)

DontCare4Free

January 10, 2012, 06:07:25 PM
Basically the only malicious thing it would be able to do that would not require user-interaction would be overwriting Blockland.exe (which would make it run the malware on user-launch), but since that is verified by the launcher when you launch it, it can't really do anything harmful (except if  you're running multiple instances and some very specific timing happens). And I'm not sure about whether BL holds a mutex lock for writing on BL.exe (which would negate this issue).

Quote from: Brian Smithers on January 10, 2012, 05:35:25 PM
write 1,000,000 files with 1,000,000 lines of uselses bullstuff. You can take up gigabytes if you plant it carefully.
It would also be very slow.

Quote from: Dillpickle on January 10, 2012, 06:05:19 PM
But then wouldn't the person have to download this gigabytes of crap?
No, the script would generate the crap while doing it.


On the other hand we have Minecraft mods which generally run as regular Java classes, meaning they can do pretty much anything any other application can (including executing stuff).

Ad Bot

Advertisement

Kalphiter

January 10, 2012, 06:08:54 PM
Quote from: DontCare4Free on January 10, 2012, 06:07:25 PM
Basically the only malicious thing it would be able to do that would not require user-interaction would be overwriting Blockland.exe (which would make it run the malware on user-launch), but since that is verified by the launcher when you launch it, it can't really do anything harmful (except if  you're running multiple instances and some very specific timing happens)
Or maybe the fact th-

Quote from: DontCare4Free on January 10, 2012, 06:07:25 PM
And I'm not sure about whether BL holds a mutex lock for writing on BL.exe (which would negate this issue).
Yes it does, all Windows executables have locks on them.

DontCare4Free

January 10, 2012, 06:10:20 PM
Quote from: Kalphiter on January 10, 2012, 06:08:54 PM
Or maybe the fact th-
Yes it does, all Windows executables have locks on them.

Fairly sure they don't by default, but I'll check whether BL.exe does.

EDIT: Checked, BL.exe does have a write mutex on itself.

Kalphiter

January 10, 2012, 06:11:17 PM
Quote from: DontCare4Free on January 10, 2012, 06:10:20 PM
Fairly sure they don't by default, but I'll check whether BL.exe does.
When I left C++ programs running and tried to compile, it wouldn't let me.

Second of all, you can't move the Blockland.exe while it's running, as I have when removing clients.

Aide33

January 10, 2012, 08:25:43 PM
Thats why add-ons are approved on rtb and we have the fail bin on the forum.

Kalphiter

January 10, 2012, 08:43:54 PM
Quote from: Aide33 on January 10, 2012, 08:25:43 PM
Thats why add-ons are approved on rtb and we have the fail bin on the forum.
No, please read the thread.
Pages: 1 2 [3]
« previous next »