Hacker News new | past | comments | ask | show | jobs | submit login

It's not that they don't require code execution, it's that there is more code execution happening in things that are supposed to be sandboxed than most people generally anticipate. It's not just VMs.

For example, how many of the map editors for various games are Turing-complete? If you download a custom map from random peer, you may be executing "sandboxed" code. Can it pull off a timing attack?

And the elephant is presumably javascript.




You'd still need a communication channel to the outside world that is available to the attack code/map or else it cannot exfiltrate the data it dumped.


In a multiplayer game where each of the peers is constantly sending the others data, that seems like a surmountable problem.


The map engine "executing" the map has no access to the network layer of the game; or at least it shouldn't.


what games don't have maps with manipulable objects that would need to have their state synced over the network? A barrel existing/having been exploded is one bit, the precise position of an object is quite a few more, etc.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: