weyne/MOOSE
1
0
Fork 0
mirror of https://github.com/FlightControl-Master/MOOSE.git synced 2025-08-15 10:47:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
MOOSE/docs/advanced/desanitize-dcs.md
kaltokri 154026fbf8 New guides added
2024-02-15 16:47:43 +01:00

2.8 KiB
Raw Blame History

title, parent, nav_order
title parent nav_order
De-Sanitize DCS Advanced 98

De-Sanitize the DCS scripting environment

{: .no_toc }

  1. Table of contents {:toc}

De-Sanitize is the a modification performed by the user which disables some security features of DCS. Without de-sanitizing not all functions of Moose are available. Let's take a closer look and explain the details:

  • In the File-Explorer, navigate to your DCS main installation folder.
  • Navigate to the folder Scripts and open the file MissionScripting.lua with a good editor like Notepad++{:target="_blank"}.

The original file should look like this:

--Initialization script for the Mission lua Environment (SSE)

dofile('Scripts/ScriptingSystem.lua')

-- Sanitize Mission Scripting environment
-- This makes unavailable some unsecure functions. 
-- Mission downloaded from server to client may contain potentialy harmful lua code
-- that may use these functions.
-- You can remove the code below and make availble these functions at your own risk.

local function sanitizeModule(name)
	_G[name] = nil
	package.loaded[name] = nil
end

do
	sanitizeModule('os')
	sanitizeModule('io')
	sanitizeModule('lfs')
	_G['require'] = nil
	_G['loadlib'] = nil
	_G['package'] = nil
end

In line 17, 18 and 19 the method sanitizeModule disables the modules os, io and lfs.

{: .warning }

This is a security feature to avoid harmfull actions to be executed from inside a mission.

Disable this on your own risk!

If the lines will be disabled the lua code inside of missions can use the following functionality again:

  • os (at line 17):

    • Execution of commands from the operation system is allowed again. This is needed by some Classes when using Text-To-Speech with SRS{:target="_blank"}. But in theory it can also run harmful commands.

  • io and lfs (at line 18 & 19):

    • Different libraries to access files on your hard disk or do other io operations. This is needed by some clases if you want to save and/or read data. Like persistance for CSAR. But it may be abused to access or modify sensitive files owned by the user.

If you put two dashes (--) in front of each of the lines 17 - 19 the protection is disabled and the lower part of the file should look this:

do
	--sanitizeModule('os')
	--sanitizeModule('io')
	--sanitizeModule('lfs')
	_G['require'] = nil
	_G['loadlib'] = nil
	_G['package'] = nil
end

Save the file and it will enable the DCS Lua sandbox to access stuff on your computer.

{: .note }

After each update of DCS you need to repeat this because each update will overwrite this file by default.