FaTony {l Wrote}:This really shows that Xonotic developers are insecure and possessive. We value free software because we want to play games the way we want. Banning legitimate servers is a censorship that is not tolerable in free society.
FaTony {l Wrote}:leilei {l Wrote}:This is not "censorship", it's a filter workaround to maintain the Xonotic experience.
I couldn't care less about "Xonotic experience" or "Red Eclipse experience" or any other vanilla game experience. I have chosen free software to play the game the way I want, not what devs want.
FaTony {l Wrote}:which is compiled into the bytecode. This makes it possible to make client-side mods and upload the bytecode to the client during connection.
FaTony {l Wrote}:Sauer2 {l Wrote}:That reminds me to ask OT stuff: Has anybody (or do you know someone security related that) tried to create a server that uploads handcrafted bytecode to break out of the VM?
To clarify: Have QuakeC vms some kind of bytecode verifier or do Quake-like players rely on servers that are assumed to be trustworthy?
I would guess that each function that is possible to call from VM has been audited for security. Otherwise, there would be tons of viruses from the Quake days.
Sauer2 {l Wrote}:That reminds me to ask OT stuff: Has anybody (or do you know someone security related that) tried to create a server that uploads handcrafted bytecode to break out of the VM?
To clarify: Have QuakeC vms some kind of bytecode verifier or do Quake-like players rely on servers that are assumed to be trustworthy?
FaTony {l Wrote}:The question is can malicious code escape from those VMs.
andrewj {l Wrote}:So no, downloaded client-side VMs cannot do anything malicious.
Sauer2 {l Wrote}:Assuming, the client verifies the bytecode sufficiently.
Users browsing this forum: No registered users and 1 guest