I am exploring a game concept which will allow for mods with their own assets/scripts to be loaded in and enabled in-game. Problem with scripts is they could do anything, including malware-related things. To me, it looks like the safest way to limit the blast radius of this feature is to completely sandbox the game, to prevent internet access and disk read/write operations. I’m looking for confirmation as to whether this is actually possible, and how to go about doing it (starting point). I know you can never guarantee the safety and effectiveness of something like this, so how effective can I reasonably expect a system like this to be once fully developed?
Doubtful you’ll be able to allow them to add scripts…it’s already compiled…but you could probably add things using json or something.
Scripting languages typically have a way to switch off harmful functionality. There is a C# framework on the Asset Store that can do this.
https://assetstore.unity.com/packages/tools/integration/roslyn-c-runtime-compiler-142753
This is @#%&^%#@#$%^ awesome, when did this happen??
I probably should have mentioned that I intend to allow mods to be created inside of Unity itself. It would be a bad user experience to need to do things differently to how they’re typically done in Unity.
I’m aware of a few ways to restrict C# namespaces when loading a mod’s .dll files directly. This was my initial approach. But restricting namespaces seems inferior compared to a firewall or sandbox approach. Was hoping to get input on that approach specifically, otherwise I’ll have to default to the original plan.
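As an added illustration of the namespace-restriction approach mentioned in the post above (editor's example, not code from any participant in the thread or from the linked asset): a pre-load scan that reads a mod DLL's metadata without executing it and reports every referenced type outside an allow-list, plus any P/Invoke declaration. It assumes the `System.Reflection.Metadata` library is available to the project; the policy lists and the `MyGame.ModApi` namespace are hypothetical.

```csharp
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;

public static class ModAssemblyScanner
{
    // Constructed policy for illustration; "MyGame.ModApi" is a hypothetical namespace.
    static readonly HashSet<string> AllowedNamespaces = new HashSet<string> {
        "System", "System.Collections.Generic", "System.Runtime.CompilerServices",
        "UnityEngine", "MyGame.ModApi" };
    // Types inside an allowed namespace that reach reflection, the environment or the OS.
    static readonly HashSet<string> DeniedTypes = new HashSet<string> {
        "System.Activator", "System.AppDomain", "System.Environment", "System.Type",
        "UnityEngine.Application" };
    // Single types permitted from otherwise disallowed namespaces (compiler-emitted).
    static readonly HashSet<string> AllowedTypes = new HashSet<string> {
        "System.Diagnostics.DebuggableAttribute" };

    // Returns the policy violations found in the DLL; an empty set means it passed.
    public static HashSet<string> FindViolations(string dllPath)
    {
        var violations = new HashSet<string>();
        using (var stream = File.OpenRead(dllPath))
        using (var pe = new PEReader(stream))
        {
            if (!pe.HasMetadata) { violations.Add("not a managed assembly"); return violations; }
            MetadataReader md = pe.GetMetadataReader();
            foreach (TypeReferenceHandle handle in md.TypeReferences)
            {
                // Nested types carry no namespace of their own: judge them by the enclosing type.
                TypeReference tr = md.GetTypeReference(handle);
                while (tr.ResolutionScope.Kind == HandleKind.TypeReference)
                    tr = md.GetTypeReference((TypeReferenceHandle)tr.ResolutionScope);
                string ns = md.GetString(tr.Namespace);
                string full = ns + "." + md.GetString(tr.Name);
                bool ok = AllowedTypes.Contains(full)
                          || (AllowedNamespaces.Contains(ns) && !DeniedTypes.Contains(full));
                if (!ok) violations.Add("type reference: " + full);
            }
            foreach (MethodDefinitionHandle handle in md.MethodDefinitions)
            {
                // A P/Invoke declaration lets managed code call native libraries directly.
                MethodDefinition method = md.GetMethodDefinition(handle);
                if ((method.Attributes & MethodAttributes.PinvokeImpl) != 0)
                    violations.Add("P/Invoke: " + md.GetString(method.Name));
            }
        }
        return violations;
    }
}
```

A scan like this only decides whether to load an assembly; it does not confine the code once it runs, so it is a filter rather than the sandbox the question asks about.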
While I can somewhat understand this reasoning if your modding community is coming from other games that have built their modding tools around Unity, I’m doubtful that most modders are familiar with this approach and that it’s not as bad as you might be inclined to believe.
Up to you how you want to approach it though. Just understand that you’re not locked into using the compiler built into the editor. You can use assets like the one I linked to earlier to handle the actual compiling of scripts outside of the editor.
Unfortunately the Roslyn C# asset doesn’t do sandboxing and the developer of the asset mentioned that they hadn’t had any success in implementing it with C#. If you want to sandbox you’re likely going to have to choose some other scripting language and framework.
https://discussions.unity.com/t/737225 page-6#post-8367186
I don’t know what would be implied by firewalling the game. I can’t imagine any solution where an app that can turn on a firewall would be unable to turn that same firewall back off if it executed malicious code. Some platforms (e.g. mobile) have ways of preventing functionality from being available but that’s not really a thing on standalone.
Good food for thought. As I’ve not invested any effort in this, I can revise my approach. I’ll continue to ask around for pointers, thank you.
To be honest, this approach probably wouldn’t really do anything for you. Also consider how mods are distributed. The sites that distribute mods (like Nexus and Steam) typically also have their own malware detection systems, on top of the more basic community/reputation-based “protection”. I doubt that trying to sandbox it would be worth the effort, unless you personally enjoy doing that sort of work.