RFS: 0ad

Philip Taylor excors at gmail.com
Wed Apr 13 15:48:15 UTC 2011


2011/4/11 Moritz Mühlenhoff <jmm at inutil.org>:
> Vincent Cheng <vincentc1208 at gmail.com> wrote:
>> I can't pressure the Debian Mozilla team
>> to maintain an older Spidermonkey version for a single piece of software
>> (and I'm sure that they have a lot of other work to do), and from the
>> replies I've seen so far, it seems that embedding Spidermonkey code in 0
>> A.D.'s source is a no-no, or at least strongly discouraged.
>
> The whole "embedding code copies" handling isn't entirely black and white.
> In cases where an embedded code copy has no security implications, we've
> already made sensible compromises, e.g. in the case of kompozer, where the
> embedded Gecko copy has no security implications. What is Spidermonkey
> used for in the case of 0ad?

I started trying to write some rough notes at
http://trac.wildfiregames.com/wiki/SecurityModel . In summary: we
don't currently use SpiderMonkey to run untrusted scripts (unless the
user manually installs them), but will likely want to start doing that
fairly soon (for convenient automatic downloads of scripted maps for
multiplayer and potentially other things).

(If the goal is to minimise exploitable vulnerabilities, rather than
just to patch bugs for which security advisories have been issued,
then SpiderMonkey is probably the least troublesome part of the game -
there will be far more problems in the game engine (the multiplayer
networking code and (once there's automatic map downloading) the map
loading code and the engine functionality that is exposed to scripts
etc) than in SpiderMonkey itself, due to a lack of careful review or
thorough testing. Security is certainly a goal, and I want to improve
it before adding any automatic content downloading, but the game is
still only released as an alpha version and it's too early to have
much confidence in the implementation yet.)

-- 
Philip Taylor
excors at gmail.com



More information about the Pkg-games-devel mailing list