
James

04/12/2023, 8:43 PM
Hello, I'm using Kotlin for game development and want to offer the end-user an embeddable scripting experience. The scripts will be run on the game host server and thus need a way to be sandboxed for safe execution. I have gotten Kotlin (kts) to work with javax.script, but now need to take security measures to ensure the following:
1. Prevent reading system information (such as reading the OS release, or memory information).
2. Prevent reading the process environment (such as PATH, USER or SUPER_SECRET_GAME_KEY).
3. Ideally prevent reading high-resolution time measurements (they can be used in fingerprinting or timing attacks).
4. Fully or partially prevent network access using an allowlist (such as tcp4/google.com/80 or tcp/google.com).
5. Prevent reading/loading of native libraries (such as libawesome.so).
6. Prevent reading from/writing to the file system (such as password.txt).
7. Prevent spawning processes (such as bash -c ':(){ :|:& };:').
Is anyone familiar with ways to achieve this, or able to point me in the right direction to learn more about java.security?

ephemient

04/12/2023, 9:20 PM
sandboxing inside the JVM is basically dead. https://openjdk.org/jeps/411

James

04/12/2023, 9:23 PM
I suppose I could manually create a script runtime instance for Kotlin and limit the classpath to classes provided and implemented by myself. Is that something that sounds doable in embedded scripting with Kotlin?

to-elixir

04/13/2023, 1:44 AM
By the way, Kotlin for game development sounds cool. How does the performance compare with C#/Unity?

Rizwan

04/13/2023, 6:03 AM
What IDE do I need to use to create games with Kotlin? Any links?

Johann Pardanaud

04/13/2023, 7:08 AM
What about Lua for the scripting language? You will be able to control the available APIs in the whole runtime

sciack

04/13/2023, 7:21 AM
Or using JPMS to limit the modules the script can access? I know that there are some limitations and interoperability issues between JPMS and Kotlin, but it could be a way.

James

04/13/2023, 7:24 AM
@to-elixir I don't have specific numbers, but the performance is completely fine for my usage. The game still runs on the JVM and not natively, and in the browser.
@Rizwan I use Visual Studio Code, I don't use a "game maker" to work on it.

Rizwan

04/13/2023, 7:25 AM
Means it's possible to use Kotlin in VS to make games?

James

04/13/2023, 7:26 AM
@Johann Pardanaud Well, yes, Lua was made in a way that allows developers to completely sandbox it. Although, if it weren't for the awful syntax, I'd probably use it.
@sciack Looking into it! Thanks!
@Rizwan I mean, you can use vim, nvim, helix, or nano for all that matters. You just won't get any scene editor, asset explorer, etc., like you would in, for example, Unity or Unreal Engine.

Rizwan

04/13/2023, 7:28 AM
Thanks for the info.

James

04/13/2023, 7:31 AM
@sciack Okay, I skimmed through a couple of articles. I'm not entirely sure how to use this in the context of embedded scripting, where scripts could be added and removed at runtime. Do you have any examples?
@Rizwan No problem ❤️

sciack

04/13/2023, 7:35 AM
No, it was just an idea. If the script engine is inside a module, you can limit what it can access (if I remember and understand correctly); sometimes I confuse it with OSGi (and no, don't go down that path).

Johann Pardanaud

04/13/2023, 8:23 AM
Honestly, your users probably won't care about the "beauty" of your scripting language, and you should probably care more about the runtime security 😅

James

04/13/2023, 9:10 AM
Runtime security is obviously priority one; however, quality of life is important too. Writing in Lua is painful considering there is no type safety at all whatsoever. Not only is there no typing, but the general syntax and supported expressions are horrible. That's my personal opinion though. I do have to provide APIs to the sandbox that allow the end-user to interact with other parts of the game, and it would be easier and a better experience having that in Kotlin.

Johann Pardanaud

04/13/2023, 11:25 AM
Will your users prefer to learn a new language (a complex one) and how to manage types (if it's their first typed language), or would they prefer a simpler language they may already know (through Garry's Mod or Roblox, for example) without having to think about types? I'm not a huge fan of Lua's syntax either, but a lot of people know it, it's easy to learn, the runtime is secure and you can easily provide your own APIs. Maybe you're right, but just make sure to put those things into balance! But I will now shut up about Lua; this was not your question, sorry for the digression 😅

ephemient

04/13/2023, 2:11 PM
JPMS isn't very useful for security sandboxing; java.base alone is too powerful.
That link uses SecurityManager, which is deprecated and will not function on newer JVMs.
Using a custom classpath, classloader, and bytecode verification could work, but it'll be quite challenging.