# getting-started
j
Hello, I'm using Kotlin for game development and want to offer the end-user an embeddable scripting experience. The scripts will be run on the game host server and thus need a way to be sandboxed for safe execution. I have gotten Kotlin (kts) to work with javax.script, but now need to take security measures to ensure the following:
1. Prevent reading system information (such as reading the os release, or memory information).
2. Prevent reading the process environment (such as PATH, USER or SUPER_SECRET_GAME_KEY).
3. Ideally prevent reading high-resolution time measurement (it can be used in fingerprinting or timing attacks).
4. Fully or partially prevent network access using an allowlist (such as tcp4/google.com/80 or tcp/google.com)
5. Prevent reading/loading of native libraries (such as libawesome.so)
6. Prevent reading from/writing to the file system (such as password.txt)
7. Prevent spawning processes (such as `bash -c ':(){ :|:& };:'`)
Is anyone familiar with ways to achieve this, or able to point me in the right direction to learn more about java.security?
🍴 1
e
sandboxing inside the JVM is basically dead. https://openjdk.org/jeps/411
👍 1
j
I suppose I could manually create a script runtime instance for Kotlin and limit the classpath to classes provided and implemented by myself. Is that something that sounds doable in embedded scripting with Kotlin?
t
By the way, Kotlin for game development sounds cool. How does the performance compare with C#/Unity?
r
What IDE do I need to use to create games with Kotlin? Any links?
j
What about Lua for the scripting language? You will be able to control the available APIs in the whole runtime
s
Or using JPMS to limit the module the script can access? I know that there are some limitations and interoperability issues between JPMS and Kotlin, but it could be a way.
j
@to-elixir I don't have specific numbers, but the performance is completely fine for my usage. The game runs JVM still and not natively and in the browser.
@Rizwan I use Visual Studio Code, I don't use a "game maker" to work on it.
r
Means it's possible to use Kotlin in VS to make games?
j
@Johann Pardanaud Well, yes, Lua was made in a way that allows developers to completely sandbox it. Although, if it wasn't for the awful syntax I'd probably use it.
@sciack Looking into it! Thanks!
@Rizwan I mean, you can use vim, nvim, helix, or nano for that matter. You just won't get any scene editor, asset explorer, etc., like you would in, for example, Unity or Unreal Engine.
r
Thanks for the info.
j
@sciack Okay, I skimmed through a couple of articles. I'm not entirely sure how to use this in the context of embedded scripting, where scripts could be added and removed at runtime. Do you have any examples?
@Rizwan No problem ❤️
s
No, it was just an idea. If the script engine is inside a module, you can limit what it can access (if I remember and understand correctly). Sometimes I confuse it with OSGi (and no, don't go down that path).
j
Honestly, your users probably won’t care about the “beauty” of your scripting language, and you should probably care more about the runtime security 😅
j
Runtime security is obviously priority one; however, quality of life is important too. Writing in Lua is painful considering there is no type safety at all whatsoever. Not only is there no typing, but the general syntax and supported expressions are horrible. That's my personal opinion though. I do have to provide APIs to the sandbox that allow the end-user to interact with other parts of the game, and it would be easier and a better experience having that in Kotlin.
j
Will your users prefer to learn a new language (a complex one) and how to manage types (if it’s their first typed language), or would they prefer a simpler language they could already know (through Garry’s Mod or Roblox for example) without having to think about types? I’m not a huge fan of Lua’s syntax either, but a lot of people know it, it’s easy to learn, the runtime is secured and you can easily provide your own APIs. Maybe you’re right, but just make sure to put those things into balance! But I will now shut up about Lua, this was not your question, sorry for the digression 😅
s
e
jpms isn't very useful for security sandboxing, `java.base` alone is too powerful
that link uses SecurityManager which is deprecated and will not function on newer JVMs
using a custom classpath, classloader, and bytecode verification could work, but it'll be quite challenging