In particular, this is about game extensions written in Lua (luajit-2.0). I was contemplating whether I should restrict what these scripts can do, and arrived at the conclusion that I probably shouldn’t:
- It’s hard to get right. Sounds silly, but chances are my sandbox is gonna end up leaky anyways.
- The only benefit I could think of would be giving users some sense of security when running third party scripts.
- The disadvantages would be that it’s just incredibly annoying for extension writers. That is, for now, myself (game content will be mostly scripted).
The reason I’m asking this now, before I actually have anything presentable, is that adding a sandbox early on is easy, but would impose said annoying restrictions on myself too. However, if I first go on with it and then later decide I do need a sandbox after all, I’m gonna run into problems (I’d either have to rewrite the scripts that are already there, or introduce some form of trust management system, which seems to be more trouble than it’s worth).
1
I believe that in the development of a video game, as in any software development of medium-to-large dimensions, the programmer will always try to create an exchange layer or a free set of options for future functionality.
Lua is a language that makes these options easy to implement for the end user and for the developer, but that does not mean it is easy to plan your workspace. From experience I can tell you today that even a simple multiplication can leak if the end user is allowed to customize their behavior.
If we focus on what a sandbox game has to offer, we can come to understand that the end use can be a double-edged sword, allowing the game to become non-linear, interesting and fun, while at the same time it is not easy to plan its limits in the work area.
From a security standpoint, it sounds fantastic! A good test environment for extensions should be implemented in all types of software.
In conclusion, I can say that although it seems not worth making a sandbox for your product, the developer or group of developers will actually get more benefits, because just as the end user can easily configure their environment, the developer may also take less time to make changes to the functional structure. I am firmly convinced that a sandbox game (as in software scalability) allows a creative evolution of its extensions and a natural evolution of its functionalities.
1
> It’s hard to get right

It is actually not very hard to create a basic sandbox with a whitelist of functions and then add custom implementations of potentially unsafe functions. This SO question seems like a good starting point.

> but chances are my sandbox is gonna end up leaky anyways

I think it would be enough to start by providing some basic security: restricting access to files outside some special directories. There is no such thing as a 100% secure application anyway. Think of what can happen if someone writes a malicious extension: users will probably blame you as the developer. If you plan to give someone a chance to write an extension, you will eventually need some security. If it’s only you, it is OK as it is.

> The only benefit I could think of would be giving users some sense of security when running third party scripts.

This is exactly the reason why you should do sandboxing and it is not a valid argument against sandboxing.

> The disadvantages would be that it’s just incredibly annoying for extension writers
I have some experience in game scripting and I don’t find it annoying to work in a sandboxed environment by itself. What annoys me is the lack of game-related functionality, like specific APIs for in-game objects, or poor implementations of such.
It may help if you look into the LOVE engine as a good example (if you haven’t already), especially the tutorial on the filesystem API.
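
The approach this answer describes (a whitelist of functions plus a custom implementation of an unsafe one, here file access restricted to one directory), as an added example that is not from the answer or the SO question it mentions. It targets Lua 5.1 / LuaJIT 2.0; `SAVE_DIR`, `safe_open`, `make_env` and `run_sandboxed` are hypothetical names, and CPU and memory limits are not covered.

```lua
-- Added example, not code from the answer. Lua 5.1 / LuaJIT 2.0 (uses setfenv).
local SAVE_DIR = "userdata/"  -- assumed directory scripts may use
local MODES = { r = true, w = true, a = true, rb = true, wb = true, ab = true }

-- Custom io.open limited to SAVE_DIR: rejects "..", absolute paths, drive
-- letters and NUL bytes. Symlinks inside SAVE_DIR are not resolved here.
local function safe_open(name, mode)
  mode = mode or "r"
  if type(name) ~= "string" or not MODES[mode]
     or name:find("..", 1, true) or name:find("^[/\\]")
     or name:find(":", 1, true) or name:find("%z") then
    return nil, "access denied: " .. tostring(name)
  end
  return io.open(SAVE_DIR .. name, mode)
end

local function copy(t)  -- shallow copy so scripts cannot modify host tables
  local c = {}; for k, v in pairs(t) do c[k] = v end; return c
end

-- Whitelist: globals not listed here (os, require, loadstring, debug,
-- getfenv, setmetatable, ...) do not exist for the script.
local function make_env()
  local env = {
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, pcall = pcall, print = print, select = select,
    tonumber = tonumber, tostring = tostring, type = type, unpack = unpack,
    math = copy(math), string = copy(string), table = copy(table),
    io = { open = safe_open },
  }
  env._G = env
  return env
end

local function run_sandboxed(code, chunkname)
  -- loadstring also accepts precompiled bytecode, which is not verified.
  if code:byte(1) == 27 then return false, "bytecode rejected" end
  local fn, err = loadstring(code, chunkname)
  if not fn then return false, err end
  setfenv(fn, make_env())
  return pcall(fn)
end

-- Constructed sample script standing in for a third-party extension.
print(run_sandboxed([[
  print("traversal:", io.open("../secrets.txt"))
  print("os:", os, "require:", require)
  return math.floor(2.5)
]], "=extension"))
```

Game-specific APIs are exposed the same way, by adding them to the table built in `make_env`.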