Is it possible to get virus from online content? #9963
-
OpenTTD is written in C++, which makes online content easy exploitable. My question is: Does someone control online content? Is there a system for that or whoever wants to make online content can do?
Replies: 1 comment
-
That is quite a statement, and I am tempted to respond with: citation needed ;)

Although OpenTTD is written in C++, that doesn't make it "easy exploitable". But that might be more an academic discussion.

More important to know and realise, is that our online content isn't C++ code, nor binary executables (or libraries). To dive a bit deeper, we need to split up what is actually on the online content service.

First, we have scenarios. Scenarios are basically savegames, with another extension, and act accordingly. They are read as a binary format, interpreted by OpenTTD, and the game is loaded. So this isn't a binary executable of any kind. As such, your classic "virus" cannot impact this.

Second, we have heightmaps. Those are simply PNGs. We use

Third, we have AIs and GameScripts. Those are written in a language called Squirrel, similar to LUA, which we interpret. The scripts are sandboxed, and have no access to the OS or filesystem in any way, shape or form. The only thing they can do, is access an API we supply.

Lastly, we have NewGRFs. This too is a custom binary format, which is read and interpreted by OpenTTD, byte by byte. It contains graphics and instructions how to work with these. This too, is sandboxed, and here too an API (although more an ABI) is supplied which can be used. Recently we have been fuzzing NewGRFs, to see if anything breaks. Nothing showed up.

So where does this leave us. Can we guarantee the online content system cannot be exploited? Is it likely?

In other words, I used a lot of words to say: it is impossible to get a classic "virus" via the online content. The only exploitable way to abuse the online content system is to specifically target OpenTTD and one of its binary formats. Which is not impossible, just improbable.

So to end where I started: I don't agree with the statement: it is written in C++, so it is easy exploitable :)

Hope this settles your nerves a bit :) If you have any other questions or want more detail, let us know!

PS: additionally, the online content service also validates uploads, as in: you cannot upload some arbitrary file and say: this is a NewGRF. The system will refuse the upload. It has to be an actual NewGRF before it is accepted. Similar for the other types. This is just an extra line of defense.