Jump to content

Noob question


ivo
 Share

Recommended Posts

Hi to all, what mean with some mission on line " need sanatize module " there is some file lua dangerous for DCS?

 

Bye

cpu:I7-6700k Z170 16GB Ram DDR4 Gtx 1080 8Gb DDR5 11GBs SSD 500 Gb 2 HDD 1Tb Evga supernova G2 850w Case Bequiet series 800 Silent base Win 10 pro 64 bit

 

My wishlist: F-35/B-17G/F4U Corsair/Yak-3/P-40B Tomahawk

Link to comment
Share on other sites

It's a function to prevent missions from executing malicious code by running programs outside of DCS. Some user created missions such as those in MBot's Dynamic Campaign Engine require that you disable the function, because they require external programs to read the results from your current mission and generate a new one.

Link to comment
Share on other sites

Ok thank for reply, then it is better download single mission from user file instead dynamic campaign?

cpu:I7-6700k Z170 16GB Ram DDR4 Gtx 1080 8Gb DDR5 11GBs SSD 500 Gb 2 HDD 1Tb Evga supernova G2 850w Case Bequiet series 800 Silent base Win 10 pro 64 bit

 

My wishlist: F-35/B-17G/F4U Corsair/Yak-3/P-40B Tomahawk

Link to comment
Share on other sites

Your best choice is clearly to head over to the ED store and purchase The Georgian War. :music_whistling:

 

Kidding aside, there is no malicious code contained within the Dynamic Campaign Engine, nor have I ever seen DCS attacked in this way, but it is a security vulnerability worth taking note of. If you choose to disable it make sure you aren't downloading .miz files from 4chan or anything. ;)

Link to comment
Share on other sites

Ok, if I understand, when I ad -sanitizeModule... into scrip lua exspose my pc to risk instead without put the line command into lua file my pc is safety but some dynamic mission ( as own Mbot's ), doesn't work

cpu:I7-6700k Z170 16GB Ram DDR4 Gtx 1080 8Gb DDR5 11GBs SSD 500 Gb 2 HDD 1Tb Evga supernova G2 850w Case Bequiet series 800 Silent base Win 10 pro 64 bit

 

My wishlist: F-35/B-17G/F4U Corsair/Yak-3/P-40B Tomahawk

Link to comment
Share on other sites

We need to be very specific. You are opening your PC to the risk that someone coded something in a MISSION FILE that does something to your PC you do not want when you run a DCS mission ONLY.

 

Ok, if I understand, when I ad -sanitizeModule... into scrip lua exspose my pc to risk instead without put the line command into lua file my pc is safety but some dynamic mission ( as own Mbot's ), doesn't work

Here's the "worst case scenario that no one ever saw".

 

I upload or distribute a mission with custom code in it.

 

In the code I contain my trojan

 

I write it to your hard disk using file.write and execute it with lua's os.execute, which will execute under whatever priviliges you run DCS with (plenty of elevated users no doubt)

 

If you undo the protection ED gives you by default, os.execute and file writing to the local hard disk will be available during the running of a mission. If you enable it, I could do that.

 

There are some mitigations:

1) ED might look at custom code uploaded to their site and could pull it if someone alerted them.

2) You could pay attention to things you download, from basic trustworthy names like Mbot, or the actual location of the mission, or actually read the code itself because Lua is fairly basic and you can open the mission and check the files and scan them yourself.

3) You could have an antivirus that is more than just Microsoft's in-built one and actually does heuristic scanning and machine learning. Whilst os.execute might be able to run, the moment the trojan attempts to write to say your host file or system32 or wherever, it will block it there.

4) Virus writers tend to propagate in popular environments and the risk is very very small, there are easier ways.

 

Multiplayer is relatively immune from this, it is the server-host that is affected because it runs the code. Clients just listen to the net stream and move the objects about during the mission execution. More and more often people remove the code directly form the mission file and have it local or precompiled so the clients dont even see it. Single players, downloading missions are the only in-scope vulnerable part of the community.

 

I've never heard of this actually being a thing, but it doesn't make it bad practice to be informed.


Edited by Pikey
line spaces appearing where no line spaces were requested

___________________________________________________________________________

SIMPLE SCENERY SAVING * SIMPLE GROUP SAVING * SIMPLE STATIC SAVING *

Link to comment
Share on other sites

Thanks for the exposure,

so if I write in the file.lua " -sanatizeModule " expose the pc to possible threats?

cpu:I7-6700k Z170 16GB Ram DDR4 Gtx 1080 8Gb DDR5 11GBs SSD 500 Gb 2 HDD 1Tb Evga supernova G2 850w Case Bequiet series 800 Silent base Win 10 pro 64 bit

 

My wishlist: F-35/B-17G/F4U Corsair/Yak-3/P-40B Tomahawk

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...