GMLscripts.com

Discuss and collaborate on GML scripts

#1 2009-08-02 08:53:45

xot
Administrator
Registered: 2007-08-18
Posts: 1,239

Secure Mode

Game Maker's "secure mode" is an interesting feature. It's problematic as well.

GM Help File > Preferences wrote:

Run games in secure mode. If checked, any game created with Game Maker that runs on your machine will not be allowed to execute external programs or change or delete files at a place different from the game location. (This is a safeguard against Trojan horses although success is not guaranteed.) Checking this means that games that utilizes external files etc. won't be running correctly. The setting only works while Game Maker is running. So if you run the game independently of Game Maker, for example as an executable stand-alone, it is NOT run in secure mode.

http://www.gmlscripts.com/gm8beta2/help … ences.html

It's a little ambiguous on the last point. If you run a GM-created executable, and the GM IDE is already running in secure mode in the background, the executable will also run as if it were in secure mode. Executables created while in secure mode are no different than those created while the mode is turned off. How a GM-created executable behaves depends entirely on the GM IDE running in the background.

Not being able to execute external programs is explained a bit more in another section of the help file.

GM Help File > Executing Programs wrote:

execute_program(prog,arg,wait) Executes program prog with arguments arg. wait indicates whether to wait for finishing.
execute_shell(prog,arg) Executes the program (or file) in the shell.
Both functions will not work if the player sets the secure mode in the preferences. You can check this using the read-only variable:

secure_mode* Whether the game is running in secure mode.

http://www.gmlscripts.com/gm8beta2/help … grams.html

This prevention from running external programs also extends to the use of DLLs and extensions, including GML-based extensions.


Abusing forum power since 1986.


#2 2009-08-02 10:09:04

xot
Administrator
Registered: 2007-08-18
Posts: 1,239

Re: Secure Mode

Not So Secure Mode

Unfortunately, there are some ways that secure mode is not so secure. I won't go into them all and turn this into a script-kiddie cookbook, but some basic things are worth mentioning.

A GM-created executable can always create, modify, and delete any file in the directory (and any sub-directories) it's run from (and the same is true of its temporary working directory), on a computer under Windows XP or earlier. Not sure about Vista.

A GM-created executable can always read any file anywhere on the computer (or on a networked drive) under Windows XP or earlier. Not sure about Vista.


Abusing forum power since 1986.


#3 2009-08-12 16:30:37

paul23
Member
Registered: 2007-10-17
Posts: 110

Re: Secure Mode

I'm wondering a bit about the last statement: of course it could read the "drive", but isn't it possible to "encrypt" things on NTFS drives with WinXP, making it so only Windows (chosen) programs can open it?

(Besides: isn't this a bit common sense, apart from the fact it works on already-built executables?)


#4 2009-08-12 22:21:03

xot
Administrator
Registered: 2007-08-18
Posts: 1,239

Re: Secure Mode

The point I was trying to convey, without going into specific exploits, is that calling this mode "secure" is terribly misleading. It should not be possible to run GM-created spyware apps in secure mode. If Windows was built like Unix, this would be a non-issue.

As for encryption, I have no idea how that stuff works on NTFS.


Abusing forum power since 1986.

