Safe Run Program - ComputerCraft Forums (archive)

Twijn #1

119 posts

Posted 14 August 2015 - 10:31 PM

What Is It?

Safe Run is a program that will run any program in any directory simply from it's name. Not only that, but it will warn the user (you) if the program could contain any malicious lines.

Why… This is truly the most useless thing ever!

I understand your confusion completely. The point of safe run is to provide users with some security. Malicious code is continuing to grow among ComputerCraft, and the built in CraftOS does nothing to prevent grief by itself. This code is meant to be used from those that enjoy looking at other people's creations, but are worried about malicious programs ruining their computers, especially if they are playing in an actual survival world, or have other important programs on the computer.

This program doesn't protect against ____!

Post down below filters that should be added to safe run.

What it protects against currently:

shell.run (Can be used to run other harmful programs)
fs.delete
fs.open
loadstring
loadfile
dofile
io.open
fs.move
os.loadAPI

Pastebin Code

Note: This is a new program. It does not protect against everything and may have some minor bugs.

Installer(Very new. May have a few issues.): pastebin run TUBgyryp

Additionally, you may use pastebin run TUBgyryp <safeRun version> to install different versions.

NOTE: You will have to update the installer to download a new version currently.

Previous Versions:

Spoiler

(1.0.2) maV86jHD

(1.0.1) QyKkHSkH

(1.0.0) hxGmtNvZ

Edited on 17 August 2015 - 01:12 AM

KingofGamesYami #2

3057 posts

Location United States of America

Posted 15 August 2015 - 12:38 AM

You may additionally want to protect against…

Spoiler

loadstring
loadfile
dofile
io.open
fs.move
obfuscated (binary) code
os.loadAPI (can be used to circumnavigate other methods of running a file)
infinate loops (while true do end, repeat until false, etc.)

flaghacker #3

656 posts

Posted 15 August 2015 - 01:24 AM

The problem with these kind of programs is that they're really easy to circumvent (eg fs["delete"]()) and the fact that there's nothing wrong with fs.open and fs.delete, would you consider the default "edit" program malicious?

@Yami, do you want to block infinite loops? Good luck detecting those… And why would you even want to? Most (if not all) programs have them…

Edited on 14 August 2015 - 11:25 PM

KingofGamesYami #4

3057 posts

Location United States of America

Posted 15 August 2015 - 01:30 AM

I meant infinite, non-yeilding loops. The sort that forces CC to shut the computer off entirely.

Twijn #5

119 posts

Posted 15 August 2015 - 02:35 AM

KingofGamesYami, on 15 August 2015 - 12:38 AM said:
You may additionally want to protect against…
Spoiler
loadstring
loadfile
dofile
io.open
fs.move
obfuscated (binary) code
os.loadAPI (can be used to circumnavigate other methods of running a file)
infinate loops (while true do end, repeat until false, etc.)

Added all of them except obfuscated code and infinite loops simply because I can't think of a way to block them currently.

@flaghacker I'm not exactly sure how I can protect against that yet. Once I figure it out I'll update the code.

Edited on 15 August 2015 - 12:38 AM

Grim Reaper #6

504 posts

Location Seattle, WA

Posted 15 August 2015 - 02:56 AM

This is pretty old, but it protects against what flaghacker is talking about. Unfortunately, because things aren't compiled, it's difficult to scan programs for danger. It doesn't have every feature that would be useful, but maybe that's something you could perfect :)/>

Twijn #7

119 posts

Posted 17 August 2015 - 03:14 AM

Grim Reaper, on 15 August 2015 - 02:56 AM said:
This is pretty old, but it protects against what flaghacker is talking about. Unfortunately, because things aren't compiled, it's difficult to scan programs for danger. It doesn't have every feature that would be useful, but maybe that's something you could perfect :)/>

I'm not very familiar to that old of coding… I honestly don't know what part of the code you're talking about.

Also, new version: 1.0.2 and installer. UI changes however no more additions to the filter.

Grim Reaper #8

504 posts

Location Seattle, WA

Posted 17 August 2015 - 06:55 AM

Yeah, I guess there is quite a bit of fluff around what I intended to show you.

Basically, this is a work around for the limitations of string matching for the sake of security. Because Lua code is not compiled until runtime for us (well, okay, you can do some loadstring stuff, but most of the time its easier and space-efficient to just leave the source for the interpreter), you can't scan sections of the compiled product for malware signatures. So, scanning the source for function calls that could be dangerous is not a secure way of identifying viruses.

So, what do we do?

We can "hook" into the APIs that viruses try to make use of. Things like the 'fs' and 'os' API are usually targets because they can do serious damage to the files on the computer. So, we run a program that hides away the original versions of those APIs and replaces them with a set of functions that have the same names but do different things. That way, we can make the replacements tell the user "HEY! SOMEONE IS TRYING TO TURN OFF YOUR COMPUTER!!!" From there, the user can decide if that's okay. If so, the replacement function calls the original, shutting down the computer.

For example, if we replace the fs.open function with something like this,
local oldOpen = fs.open -- This is the original version of the function. fs.open = function(path, mode) -- This is our replacement. -- Check if the path is the startup program, so we can stop viruses from -- writing the startup file. if path:lower():gsub("[/\\]", "") == "startup" then if warningFunction(shell.getRunningProgram() .. " is trying to access startup! Is that okay?") then return oldOpen(path, mode) end else return oldOpen(path, mode) end end
we can prevent ANY calls to modify the startup program without having to scan the file!

Edited on 17 August 2015 - 04:55 AM