dyon icon indicating copy to clipboard operation
dyon copied to clipboard

Published 20 hours ago verified publisher icon PistonDevelopers

Sandbox Untrusted Code?

Open Aurailus opened this issue 4 years ago • 2 comments

Hello! I'm a game developer and I'm considering using dyon in my current project. I was wondering if it has the ability to sandbox untrusted code, as I'd like to have user-created scripts running on clients, and it would obviously be an issue if those scripts could maliciously affect clients. Thank you in advance!

Aurailus avatar May 16 '21 21:05 Aurailus

You can disable file, http and threading with Cargo features: https://github.com/PistonDevelopers/dyon/blob/master/Cargo.toml#L29

bvssvni avatar May 18 '21 10:05 bvssvni

Thanks for your reply! I guess what I'm really wondering is if it's possible to access the system maliciously with scripts running in Dyon. Like, can you manipulate raw memory? Spawn new processes. I've browsed the readme and it seems like sandbox support isn't a design goal but I wanted to check anyway, because this seems like a great language that I'd love to use in my project.

Aurailus avatar May 18 '21 22:05 Aurailus