blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:09 AM |
From my analysis, there is a clear-cut model for the security of the Lua code run in Roblox.
There are five security levels (listed in order of increasing security), each of which with a particular purpose:
* **Game** - Script and LocalScript level * **RobloxPlace** - Script and LocalScript level in Roblox Places (set by Roblox code) * **RobloxScript** - Script and LocalScript level for privledged Lua assets * **LocalUser** - Command Bar, Locally executed code, CoreScripts, StarterScript level * **Roblox** - Roblox code level (think http://www.roblox.com/game/gameserver.ashx)
To see what security level matches with what API feature, see http://wiki.roblox.com/index.php/User:Blocco/API_Dump.
Happy coding!
~blocco |
|
|
| Report Abuse |
|
|
booing
|
  |
| Joined: 04 May 2009 |
| Total Posts: 6594 |
|
|
| 10 Jul 2013 11:15 AM |
| Niice, but http://wiki.roblox.com/index.php/Normal_Identities |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:16 AM |
u srs? dat was dere?
Wait what's writeuser |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:17 AM |
| It doesn't describe it completely correctly, I think. |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:18 AM |
| It's probably that they're missing RobloxScripts |
|
|
| Report Abuse |
|
|
coplox
|
  |
| Joined: 07 Jun 2008 |
| Total Posts: 3252 |
|
|
| 10 Jul 2013 11:19 AM |
Did you just duplicate this? http://wiki.roblox.com/index.php/Class_reference/API_dump |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:20 AM |
| I didn't know that was there when I made my page |
|
|
| Report Abuse |
|
|
coplox
|
  |
| Joined: 07 Jun 2008 |
| Total Posts: 3252 |
|
| |
|
bohdan77
|
  |
| Joined: 10 Aug 2008 |
| Total Posts: 7944 |
|
|
| 10 Jul 2013 11:22 AM |
| It seems blocco is ill-informed about the contents of the wiki. |
|
|
| Report Abuse |
|
|
Snoxicle
|
  |
| Joined: 17 Nov 2012 |
| Total Posts: 187 |
|
|
| 10 Jul 2013 11:22 AM |
spmr u btr gtfo b4 srcus dlts ur acc nd mrdr ur fmly
AW MAN THIS ISN'T WHERE I PARKED MY CAR |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:24 AM |
| gimme a break i wasnt here for a year |
|
|
| Report Abuse |
|
|
Snoxicle
|
  |
| Joined: 17 Nov 2012 |
| Total Posts: 187 |
|
|
| 10 Jul 2013 11:25 AM |
u snoze u loze
now get. out . spamer/hackerer1!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
AW MAN THIS ISN'T WHERE I PARKED MY CAR |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:27 AM |
hey u cant tell me wut to do i am a native to this forum |
|
|
| Report Abuse |
|
|
Snoxicle
|
  |
| Joined: 17 Nov 2012 |
| Total Posts: 187 |
|
|
| 10 Jul 2013 11:28 AM |
shaddap, you herd me, u snoze u lose !!!!!
ur nativity abilitiz also went away with ur wiki power !!!!!!!!
and dont hacker me any more or i call the blox agents !!!!!!!!!!!!!
AW MAN THIS ISN'T WHERE I PARKED MY CAR |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:30 AM |
| Looking at RobloxPlayerBeta.exe, WritePlayer fits snugly right between LocalUser and Roblox |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 11:56 AM |
| WritePlayer appears to allow you to modify (write to) a player object. |
|
|
| Report Abuse |
|
|
|
| 10 Jul 2013 12:15 PM |
| Pretty sure that isn't right. Level 4 can't set players name or anything, and level 2 can set Player.Character and other stuff just fine. |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 12:16 PM |
| No, it's right. The security labels apparently don't match up with the identity levels though. |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 12:17 PM |
| Wiki's wrong somewhere, I know that |
|
|
| Report Abuse |
|
|
bohdan77
|
  |
| Joined: 10 Aug 2008 |
| Total Posts: 7944 |
|
|
| 10 Jul 2013 12:19 PM |
| a good part of the wiki is outdated, Anyways. |
|
|
| Report Abuse |
|
|
Maradar
|
  |
| Joined: 06 Mar 2012 |
| Total Posts: 4478 |
|
|
| 10 Jul 2013 12:28 PM |
>a good part of the wiki is outdated, Anyways. Last time I checked, whenever an offical ROBLOX update comes out, 1-2 days later, the wiki adds it. So that's likely why.
-Maradar |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 12:30 PM |
I wrote some security-test code:
local scriptPermissionLookup = {"GameSecurity", "RobloxPlaceSecurity", "RobloxScriptSecurity", "LocalUserSecurity", "WritePlayerSecurity", "RobloxSecurity"}; local scriptPermissionLevel do local guiButton = Instance.new("ImageButton"); local selectionService = game:GetService("Selection"); local cookieService = game:GetService("CookieService"); scriptPermissionLevel = 1; if pcall(script.GetHash, script) then -- robloxplace scriptPermissionLevel = 2; if pcall(guiButton.SetVerb, guiButton, "Stop") then -- robloxscript scriptPermissionLevel = 3; if pcall(selectionService.Get, selectionService) then -- localuser scriptPermissionLevel = 4; if pcall(Instance.new, "Player") then -- writeplayer scriptPermissionLevel = 5; if pcall(cookieService.GetCookieValue, cookieService, "non-existant-cookie") then -- roblox scriptPermissionLevel = 6; end end end end end end
print("I have " .. scriptPermissionLookup[scriptPermissionLevel]); |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 12:33 PM |
And then I cleaned up my security-test code:
local scriptPermissionLookup = {"GameSecurity", "RobloxPlaceSecurity", "RobloxScriptSecurity", "LocalUserSecurity", "WritePlayerSecurity", "RobloxSecurity"}; local scriptPermissionLevel do local guiButton, selectionService, cookieService = Instance.new("ImageButton"), game:GetService("Selection"), game:GetService("CookieService"); scriptPermissionLevel = 1; scriptPermissionLevel = scriptPermissionLevel + (pcall(script.GetHash, script) and 1 or 0); scriptPermissionLevel = scriptPermissionLevel + (pcall(guiButton.SetVerb, guiButton, "Stop") and 1 or 0); scriptPermissionLevel = scriptPermissionLevel + (pcall(selectionService.Get, selectionService) and 1 or 0); scriptPermissionLevel = scriptPermissionLevel + (pcall(Instance.new, "Player") and 1 or 0); scriptPermissionLevel = scriptPermissionLevel + (pcall(cookieService.GetCookieValue, cookieService, "non-existant-cookie") and 1 or 0); end
print("I have " .. scriptPermissionLookup[scriptPermissionLevel]); |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 10 Jul 2013 12:35 PM |
| BUG: It's CookiesService not CookieService |
|
|
| Report Abuse |
|
|
bohdan77
|
  |
| Joined: 10 Aug 2008 |
| Total Posts: 7944 |
|
| |
|