Global method to make files read-only

Okay, I know you can make files read-only by overriding some fs/io functions, but not only is this annoying and insecure, it leads to problems when multiple (and incompatible) programs want to set different read-only files.

A simple terminal command, such as "readonly file on" or "chmod a-w file" (to keep up with the linux-y feel), along with a corresponding .setReadOnly() LUA command would make things a lot easier, safer, and more secure.

Remote access by rednet, if you want files to be secure.

ChunLing, on 26 December 2012 - 11:27 PM said:

Remote access by rednet, if you want files to be secure.

The main reason I suggested this was for floppy disks - my bank program (see sig) uses floppy disks as ATM cards. I want to use a file on the floppy disk to store the account number and make the file read-only to prevent accidental deletion/modification - not necessarily for security (though that would be nice).

People can wipe their card if they're careless, it happens.

This could cause damage to the host computer. For instance this code will totally fuck a machine if this was added:

for i = 1, 9001 do
  fs.open(tostring(i), "w")
  f.write(string.rep("helloWorld", 9001))
  f.close()
  fs.setReadOnly(tostring(count))
end

I know they changed FS recently to change file spamming thingies so this may not spam files quickly but it SHOULD make 9001 files readonly :P/> Remind me not to code at 2:39AM :P/>

ChunLing, on 26 December 2012 - 11:35 PM said:

People can wipe their card if they're careless, it happens.

Credit cards don't have a little "wipe data" button on the side… Sure, you can rub a magnet over it, but it makes it harder to do something stupid.
Compare:
Without read-only: Oops, typed in disk instead of disk1
With read-only: Oops, typed in "chmod" instead of "mkdir". Oops, typed in "rm" intead of "help"…

Sammich Lord, on 26 December 2012 - 11:38 PM said:

This could cause damage to the host computer. For instance this code will totally fuck a machine if this was added:

for i = 1, 9001 do
  fs.open(tostring(i), "w")
  f.write(string.rep("helloWorld", 9001))
  f.close()
  fs.setReadOnly(tostring(count))
end

I know they changed FS recently to change file spamming thingies so this may not spam files quickly but it SHOULD make 9001 files readonly :P/> Remind me not to code at 2:39AM :P/>

for i=1,9001 do fs.setReadOnly(i+"") fs.delete(i+"") end

That was less code than it took to create the files… Besides, a program could load an API which overrides fs/io to lock out those files. Same result. (note to self: write program which does this)

There's a risk involved in everything, but it's a question of whether the benefits outweigh the risks. I think they do.

Edit: "rm -f {1..9001}"
Thankyou Linux!

Cloudy and Dan will never at anything that have any security risk what so ever. They have stated this many times. If the feature was added public servers will be a waste of money since everybody is going to use similar code to what I wrote to spam the HDD with files that cannot be removed. 99.99999999& chance of this not being added.

Sammich Lord, on 26 December 2012 - 11:57 PM said:

Cloudy and Dan will never at anything that have any security risk what so ever. They have stated this many times. If the feature was added public servers will be a waste of money since everybody is going to use similar code to what I wrote to spam the HDD with files that cannot be removed. 99.99999999& chance of this not being added.

Like I said, programs can override the fs/io APIs (along with basically any other API…) which is a pretty big security risk. I know! Let's remove function overriding(!)

EDIT:

Sammich Lord, on 26 December 2012 - 11:58 PM said:

Add suggesting a function to make a read-only file to the list.

Seems like you're pretty against the idea… I can't find any "read only" suggestions in search.

pokepal101, on 27 December 2012 - 12:11 AM said:

Sammich Lord, on 26 December 2012 - 11:57 PM said:

Cloudy and Dan will never at anything that have any security risk what so ever. They have stated this many times. If the feature was added public servers will be a waste of money since everybody is going to use similar code to what I wrote to spam the HDD with files that cannot be removed. 99.99999999& chance of this not being added.

Like I said, programs can override the fs/io APIs (along with basically any other API…) which is a pretty big security risk. I know! Let's remove function overriding(!)

EDIT:

Sammich Lord, on 26 December 2012 - 11:58 PM said:

Add suggesting a function to make a read-only file to the list.

Seems like you're pretty against the idea… I can't find any "read only" suggestions in search.

The devs will never add anything that may cause any security risk. If you just think about your idea before posting this then we wouldn't have this argument. When I am coding anything I plan ahead and think of any possible ways people could exploit my code. I have already stated valid reasons why this should not and will not be added. And FYI, some important functions can not be overwritten. I see no security risk in allowing the user to override a function. You cannot change the BIOs in-game so being able to override functions in-game is no security risk.

I don't see the security risk in this. I also don't see the point - surely if we provide functions to make a file read only, we'd have to make a function to make the file writable again, negating any "security".

Sammich Lord, on 27 December 2012 - 01:29 AM said:

And FYI, some important functions can not be overwritten.

Which functions, exactly, are you referring to?

Sammich Lord, on 26 December 2012 - 11:38 PM said:

This could cause damage to the host computer. For instance this code will totally fuck a machine if this was added:

for i = 1, 9001 do
  fs.open(tostring(i), "w")
  f.write(string.rep("helloWorld", 9001))
  f.close()
  fs.setReadOnly(tostring(count))
end

I know they changed FS recently to change file spamming thingies so this may not spam files quickly but it SHOULD make 9001 files readonly :P/> Remind me not to code at 2:39AM :P/>

You could currently do this, with the exception of making them read only in Minecraft. The files on the server are still at the admins control and if they were read only in Minecraft doesn't mean that the admin could not edit/delete the files outside of Minecraft.

Well, read-only files coded into the main CC mod only cover part of the security risks in CC, e.g. you still can make a computer startup from an adjacent disk drive fllopy's startup file ignoring any previous OS.

pokepal101, on 27 December 2012 - 12:11 AM said:

Like I said, programs can override the fs/io APIs (along with basically any other API…) which is a pretty big security risk. I know! Let's remove function overriding(!)

Not if your os overrides them first. Besides that, to accomplish your exact goal, credit cards could be a computer.
Plus, you seem to need this feature to prevent people from accidentally messing up their credit cards (another problem is people hacking the system, but that can be prevented without the need for read-only, with some encryption).
Why would they be using their credit cards in their personal computers (because if they use them in your ATM's like machines, they can't do anything, right?)… to draw a parallel to real-life, you generally your PC generally can't use the information in a card's magnetic band.

CoolisTheName007, on 27 December 2012 - 10:36 AM said:

your PC generally can't use the information in a card's magnetic band.

I'm sure plenty of people can get THIS, and play havoc with the information on it. Not necessarily changing the balance, or anything like that, snce that information is encoded with the banks' servers, but you could definitely change the card, mimicking any other card you choose.

@pokepal101 - The most secure way to make your system work would have each card carry a unique identifier, just like real cards do, and have a PIN system. Once the user authenticates by swiping their card(selecting the account), and using their PIN(authorizing transaction), only then should the transaction continue after contacting the home server.

Cloudy, on 27 December 2012 - 04:35 AM said:

I don't see the security risk in this. I also don't see the point - surely if we provide functions to make a file read only, we'd have to make a function to make the file writable again, negating any "security".

I think the reason was to make it harder to accidentally edit the files, not to prevent people doing it maliciously.

And I still say, people can wipe their cards if they're careless. In real life, most homes have dozens of magnets powerful enough to wipe a magstrip. If you habitually stick your card places it isn't supposed to go, you'll wipe or otherwise damage it.

I know, we should make all the CC items fireproof so that they can't get destroyed if they fall in lava. That is frankly a much higher risk for the average player than "accidentally" sticking their ATM floppy into their drive at home and then "accidentally" wiping it. And I, for one, am not particularly fond of the mechanic of dropped items being destroyed.

CoolisTheName007, on 27 December 2012 - 10:36 AM said:

Why would they be using their credit cards in their personal computers

Let's say I'm a regular user of an ATM so I keep my ATM card on my hotbar, and I'm lazy, so I shift-click things into floppy drives.
Today, I found this floppy disk and I want to format it. Shift-click, "rm /disk/*" (or whatever it is). Oops… Accidentally put in my ATM card.
Compare with "rm /disk/*" - "File accountnumber is read-only. Must use –force." I have been saved from an otherwise pointless trip to the bank!

I am so dropping you into a lava trap.

This is just stupid. I'm not going to make it easier for users to not do stupid things. Just check drive first. There are no built in commands which allow you to delete the entire contents of a disk.