Security when it comes to C# assemblies

hoochy · April 19, 2016, 02:11:57 AM

Does Rimworld do anything in particular to stop malicious stuff in mods? Any restrictions on the C# assemblies when loaded? Or does it run at the same security level as the rimworld.exe itself?

Jaxxa · April 19, 2016, 02:55:36 AM

I am not aware of any restrictions, as far as I know it is run with the permissions that Rimworld has.

From personal experience I released a mod that Deletes Files off the harddisk, and never ran into any restrictions.
It just deleted whatever I told it to.

I was only deleting storage files that the mod itself created and doing nothing malicious, but I dont think that matters as long as the user has permissions.

Fluffy (l2032) · April 19, 2016, 03:58:48 AM

I can confirm that mods do have access to the file system, although presumably user account control ( or similar security settings for linux/mac ) would stop it from touching anything vital.

Mods can also go online, which I presume will show up as RimWorld itself trying to get online - something which you may have already allowed it to do (version check and all). Finally, I'm fairly sure a mod could spawn a child process that doesn't close when RW closes. It's entirely possible for mods to act as backdoors for all kinds of nastiness.

All in all it's fairly scary, and a good reason for modders to post source so mods can be verified. That said, I have never encountered a mod that had malicious code in it, and I usually check the (decompiled if need be) source - for this reason, and to see if there's new tricks I can learn from.

RawCode · April 19, 2016, 07:53:17 AM

Code Select

            
ProcessStartInfo startInfo = new ProcessStartInfo();
            startInfo.FileName = @"D:\thisa.exe";
            startInfo.Arguments = @"D:\thisb.txt";
            Process.Start(startInfo);

allows to execute absolutely completely anything embedded into mod, also mod can download stuff from network, write to disk and execute.

skullywag · April 19, 2016, 07:59:39 AM

Due diligence when downloading anything from anywhere is up to the user. To combat it anywhere else is almost futile.

Toggle · April 19, 2016, 10:38:39 AM

Quote from: RawCode on April 19, 2016, 07:53:17 AM
Code Select Expand
ProcessStartInfo startInfo = new ProcessStartInfo(); startInfo.FileName = @"D:\thisa.exe"; startInfo.Arguments = @"D:\thisb.txt"; Process.Start(startInfo);

allows to execute absolutely completely anything embedded into mod, also mod can download stuff from network, write to disk and execute.

Although unless the mod has C#, xml, and is quite large, it would be pretty easy to notice the extra files going through them.

Rikiki · April 19, 2016, 01:06:28 PM

I believe that a simple "rm -rf /" command does not take much binary space...

Note: don't worry, all my source code is public.

RawCode · April 20, 2016, 08:11:30 AM

no matter your skill level and understanding of c# - download only from trusted developers.

it's possible to inject malware code into open source mod, it may look innocent but actually indirectly pass control to bytearray constructed somewhere else and invoke harmful code.

it's possible to notice, but, require both exceptional skill and exceptional luck.

Toggle · April 20, 2016, 08:20:12 AM

The thing is though, they would have to have more then C# ja? To have the c# activate something else would require said something else being a file in the mod, and as I said unless it's a mod with a lot of xml it would be easy to notice it.

1000101 · April 20, 2016, 03:20:57 PM

xml isn't the issue. xml can't do anything. It's loading assemblies (DLLs) which can be dangerous. As skullywag pointed out, "due diligence when downloading anything from anywhere is up to the user. To combat it anywhere else is almost futile." Also, as RawCode mentioned, "no matter your skill level and understanding of c# - download only from trusted developers." It's easy enough for a talented coder to elevate privilege levels of the executing assembly and do malicious things.

That being said, harmful code would quickly be spotted by other modders and the forum would be warned about it; the modder reported to the admins, etc. The bottom line is, if you don't trust it, don't download it.

Toggle · April 20, 2016, 03:22:15 PM

I meant for what I quoted above, for activating exe's from the mod and such as a virus.

1000101 · April 20, 2016, 03:26:38 PM

Calling fdisk is fairly damaging and can be executed by obtaining the system level security descriptor through code. fdisk is a system file found on Windows, Linux and MacOS and is used to partition hard drives. This is just one example of malicious code which doesn't require anything the system doesn't already have installed on it.

Toggle · April 20, 2016, 03:33:07 PM

Just ignore me.