HISE Logo Forum
    • Categories
    • Register
    • Login

    Malicious use of snippets

    Scheduled Pinned Locked Moved
    Scripting
    2
    2
    65
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • d.healeyD
      d.healey
      last edited by d.healey

      It occurred to me that since we can run terminal commands from HISE it would be quite easy to send someone a snippet that as soon as they loaded it would do nasty things to their system (intentionally or otherwise).

      I'm sure it would be reported quite quickly but that wouldn't help the first victim very much. Is there anything we can do to protect against this?

      For example this will delete the user's home folder.

      const rm = FileSystem.fromAbsolutePath("/usr/bin/rm");
rm.startAsProcess("rf ~/");

      Libre Wave - Freedom respecting instruments and effects
      My Patreon - HISE tutorials
      YouTube Channel - Public HISE tutorials

      A 1 Reply Last reply Reply Quote 7
      • A
        aaronventure @d.healey
        last edited by

        @d-healey delet dis nephew

        On a serious note: it's a good point. Probably needs a snipper preprocessor which will execute the scripts, check if any startAsProcess calls were made or FileSystem deletion was used and warn the user about it or load it in the same window like the snippet browser with the ability to display the offensive lines.

        Just checking the script for text wouldn't be enough as you can easily encode a blowfish string and hide it into an eval call.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        35

        Online

        1.8k

        Users

        10.4k

        Topics

        90.7k

        Posts