Help
Upon getting MZXAk2.0, I immediately decided to test out the file write functions. ?Of course, I was curious about the potential to create virulent code.
What did I do? ?I coded up a small ten-line code that opened and wrote to MZXAk2.exe (took less than a minute) and ran it. ?BOOM. *Crash!* went my computer, and when I restarted it MZXAk2.exe was permanently corrupted.
I would advise putting all of your important MZX files as read-only in their file properties. ?Otherwise, it's awfully easy for some maliciously scripted MZX game to blow up Megazeux.
Page 1 of 1
Mzxak2.0 precaution. Very important.
#1
Terryn 
- ******
-
- Group: DigiStaff
- Posts: 2,961
- Joined: 12-October 00
- Gender:Male
Posted 24 January 2002 - 05:28 PM
angelic stream - shed sanguine - ill-adapt - avis - para/lyser - renaissance - dead tangent - phosphene blur - birth breeds death - ________ - painted glass - lagniappe
<Exophase> HES STEALING MAH AIRSHIP!!!!!!11111111
<Exophase> HES STEALING MAH AIRSHIP!!!!!!11111111
#2
Maverick
- Batsu Certified
-
- Group: DigiStaff
- Posts: 1,593
- Joined: 03-August 00
- Gender:Male
- Location:Oklahoma, USA
Posted 24 January 2002 - 06:18 PM
Hm that brings up an interesting question. I haven't downloaded it yet, so I dont exacly know how it works, but could it concieveably write to non-mzx files, such as critical system files? is it restricted to writing to the directory its running from?
Retired Admin, DMZX Co-Founder
#4
Revvy
- Jeez guys, there's no need to be narky.
-
- Group: Members
- Posts: 3,520
- Joined: 05-March 01
- Gender:Male
- Location:Ontario, Canada
Posted 24 January 2002 - 07:01 PM
Yowch. Thanks for the warning. I see the usefulness of writing to files, but I warned people about this before.
<+AFK> Bringing whisky to my mother is like irrigating a lake.
<+AFK> dormando's apathy is palpable.
* AFK palpates
<dormando> stop that
<Malwyn> undressing with revvy a little over a metre away. new definition of awkward.
<+AFK> dormando's apathy is palpable.
* AFK palpates
<dormando> stop that
<Malwyn> undressing with revvy a little over a metre away. new definition of awkward.
#5
Nanobot
- It's in your blood
-
- Group: Members
- Posts: 1,623
- Joined: 11-October 00
- Gender:Male
- Location:Chico, CA (USA)
Posted 24 January 2002 - 08:15 PM
I still say there should be a feature in the startup settings screen (or the in-game one) that allows you to switch it to read-only mode. That would allow the user to prevent any mishaps while playing a new game.
The Nanobox, where wings take dreams...
#6
Akwende
- Member
-
- Group: Members
- Posts: 317
- Joined: 03-August 00
- Gender:Male
Posted 25 January 2002 - 12:11 AM
I know about the possibility of mallicious actions due to scripts but there are a few things to consider:
Almost every programming languages allows you to alter files no matter what they are. So basically you have to assume that a mzx game has the same chance of doing harm as any other program you download.
Protection:
Make files you don't want messed up read-only. This is a good idea anyway. Also have back ups. Another possibility is simply rename the file. Make MZXak2.exe to MZX<myinits>.exe if you want.
Also if anyone releases a game that modifies an external file (one that it doesn't create) simply report it and have the person banned.
Almost every programming languages allows you to alter files no matter what they are. So basically you have to assume that a mzx game has the same chance of doing harm as any other program you download.
Protection:
Make files you don't want messed up read-only. This is a good idea anyway. Also have back ups. Another possibility is simply rename the file. Make MZXak2.exe to MZX<myinits>.exe if you want.
Also if anyone releases a game that modifies an external file (one that it doesn't create) simply report it and have the person banned.
#8
ShloobeR
- theire are with too much aaaaaaaaaargh
-
- Group: Members
- Posts: 3,984
- Joined: 07-February 01
- Gender:Male
- Location:El Chair
Posted 25 January 2002 - 10:55 AM
Jasukan, on Jan. 25 2002,04:23, said:
I'm...scared. ?=/
Agreed. O_o
I don't like the idea of being able to write to files...
It's just asking for trouble...
#9
Nanobot
- It's in your blood
-
- Group: Members
- Posts: 1,623
- Joined: 11-October 00
- Gender:Male
- Location:Chico, CA (USA)
Posted 25 January 2002 - 04:01 PM
I disagree. I think file access is a revolution in MegaZeux. Though I'm still getting the hang of how it works, I can see so many uses, particularly in MegaZeux Desktop (which I still add a thing or two on every now and then).
The file access feature should NOT be removed from future MZX versions, but maybe some precautions should be added. Maybe it can be made so executables can't be written to, or maybe there can be some sort of identifier at the beginning of the file that signifies it was created by MZXAK and will allow it to be written to (or course, you shouldn't be able to overwrite that identifier, and it would act as if the file starts immediately after it).
The file access feature should NOT be removed from future MZX versions, but maybe some precautions should be added. Maybe it can be made so executables can't be written to, or maybe there can be some sort of identifier at the beginning of the file that signifies it was created by MZXAK and will allow it to be written to (or course, you shouldn't be able to overwrite that identifier, and it would act as if the file starts immediately after it).
The Nanobox, where wings take dreams...
#11
Wervyn
- I can see you
-
- Group: DigiStaff
- Posts: 1,855
- Joined: 24-December 00
- Gender:Male
- Location:Caras Galadhon
Posted 26 January 2002 - 08:57 AM
Yeah, I know, I've been dead or something, but that's the way it is sometimes. ?Can't promise anything, but maybe in a few weeks I'll be back regularly.
Now, as for file writing/reading: while reading files is probably okay across the board, any command to write to a file should automatically add the extension ".mzf" or some such, if the extension is not included. ?This of course assumes that one is dealing with computers that can handle complex file names with more than eight characters and multiple periods. ?If that IS a concern, simply truncate the given filename at the first period, before the first illegal character, or at the eighth character in the string, and append the extension.
The effect of all this is that the only things that could ever be overwritten are said MZF files, which one would assume to be transient anyway, and if not (i.e. extra game files with constants or dialog strings or such), would be named such that it would be virtually impossible to write a "virus" to sabotoge one of them specifically. ?Since MZF is not a registered extension, much less something that can be executed in any way, and since it can't be used in MZX except as basic text (or so I assume, not having worked with it yet), there is no danger of more conventional viruses targeting the system.
But on the other hand, congratulations to Terryn (via Akwende) for finally finding a way to get MZX to crash Windows. ?And I thought it would be MadBrain...
"Terryn has a v1rU5, it r0x0rz j00r s0x0rz..."
Now, as for file writing/reading: while reading files is probably okay across the board, any command to write to a file should automatically add the extension ".mzf" or some such, if the extension is not included. ?This of course assumes that one is dealing with computers that can handle complex file names with more than eight characters and multiple periods. ?If that IS a concern, simply truncate the given filename at the first period, before the first illegal character, or at the eighth character in the string, and append the extension.
The effect of all this is that the only things that could ever be overwritten are said MZF files, which one would assume to be transient anyway, and if not (i.e. extra game files with constants or dialog strings or such), would be named such that it would be virtually impossible to write a "virus" to sabotoge one of them specifically. ?Since MZF is not a registered extension, much less something that can be executed in any way, and since it can't be used in MZX except as basic text (or so I assume, not having worked with it yet), there is no danger of more conventional viruses targeting the system.
But on the other hand, congratulations to Terryn (via Akwende) for finally finding a way to get MZX to crash Windows. ?And I thought it would be MadBrain...
"Terryn has a v1rU5, it r0x0rz j00r s0x0rz..."
To lie is to change the truth.
..Ignorance is to be unaware of the truth.
....Incompetence is to be unable to grasp the truth.
......And escape is to run away from the truth.
It is useless to run, since the truth is right next to you.
-Wervyn
..Ignorance is to be unaware of the truth.
....Incompetence is to be unable to grasp the truth.
......And escape is to run away from the truth.
It is useless to run, since the truth is right next to you.
-Wervyn
#12
Rubicant
- Smitemeister
-
- Group: Members
- Posts: 164
- Joined: 08-August 01
Posted 27 January 2002 - 03:52 AM
Just don't play any games written by DJ_southerntech or Viper and you'll be safe. Those guys are DANGEROUS!
By the way, my entire MZX directory are backupped to tape daily, as well as nearly everything I have that I don't think I'm gonna edit is read only.
[sarcasm] Another feature for MZXAK would be to be able to modify the FAT and directory structure. Hell, let's add the ability to turn off the cooling system and transformer![/sarcasm]
...well, it would be an idea.
By the way, my entire MZX directory are backupped to tape daily, as well as nearly everything I have that I don't think I'm gonna edit is read only.
[sarcasm] Another feature for MZXAK would be to be able to modify the FAT and directory structure. Hell, let's add the ability to turn off the cooling system and transformer![/sarcasm]
...well, it would be an idea.
Share this topic:
Page 1 of 1