8 posts
Posted 01 September 2012 - 01:42 AM
Im on a server currently and cc computers are banned. Reason: Apparently you can use cc computers to hack outside the server and access the hosts computer. Is this true?
This is a read-only snapshot of the ComputerCraft forums,
taken in April 2020.
JVM breach?
Started by Zombiebrine, 31 August 2012 - 11:42 PM
1688 posts
'MURICA
Posted 01 September 2012 - 01:46 AM
Possibly. You can do this with LÖVE using the io library to access files outside of the designated directory.
Though I'd imagine dan did something with the io library to make things more secure with the mod, otherwise that's a pretty big security hole haha.
I'm tempted to make a script to delete system32 in CC just to test this. lol
Though I'd imagine dan did something with the io library to make things more secure with the mod, otherwise that's a pretty big security hole haha.
I'm tempted to make a script to delete system32 in CC just to test this. lol
686 posts
Posted 01 September 2012 - 02:14 AM
A lot of very intelligent people have spent a lot of time looking at computercraft in great depth, and none of them have ever brought up any legitimate security concerns.
1604 posts
Posted 01 September 2012 - 02:17 AM
There's no way to access files outside the computer folder or the rom, and luajava was disabled to avoid security isues (you could run java code with it, wich is very insecure in servers).
1688 posts
'MURICA
Posted 01 September 2012 - 02:20 AM
Did a quick test with the emulator - the IO library can't go outside the CC directory. The OS library also lacks os.execute, which would be used to perform command line functions. The IO and OS libraries would've been basically the only way you could do anything serious.
1548 posts
That dark shadow under your bed...
Posted 01 September 2012 - 10:31 AM
That server owner is an idiot.
I'm behind you on that one