Access permissions system

I have been thinking about this for a few years now, comparing various possible solutions for handling addons’ permissions to access resources, systems and APIs in a way that is transparent to the end user. The problem lies in finding a balance between allowing addons to access many things and the user knowing that this addon is actually doing what is expected and advertised and nothing dodgy is happening in the background.

There are many malicious activities that addons can have in the form of backdoors (bitcoin miners, actual backdoors for taking remote control, viruses stealing, locking or removing your files, silently accessing your microphone and webcam, etc., etc.), but the most harmful of them require access to critical systems (web servers, file system, hardware). The user would probably be surprised to find out that his HUD addon sends messages to a random web server every now and then or that his props pack requires access to his microphone for some reason.

To eliminate this surprise, the user should be notified about the addon willing to access a particular system or resource and be prompted to allow or deny this action or access.

A small example of a similar user-required confirmation of an addon doing something can be found in Garry’s Mod after an update pushed a few years ago: when an addon tries to open a web page, the user is asked if he wants to see it. I think this should happen for many more things other than presenting web pages to the player.

In a nutshell, platforms similar to S&Box in their structure (web browsers, mobile operating systems) which allow executing external applications/modules/addons with unknown code have had this system for quite a while now; it’s a standard.

In my opinion, S&Box should look at those systems and design something similar; it will protect many players from malware doing crazy things without their knowledge. What do you think?

[image]

P. S. Sorry for the great mspaint concept art.

That looks to be a promising idea and could be built off of the current whitelist system being developed, I’m sure, if it was so desired. It sounds like a promising idea and reminds me of how iPhones do the same with their apps.

I think on top of this, for both the community aspect as well as safety, it would be good to add “verified” addons on the workshop or addon browser to indicate a popular and/or non-malicious addon.

1 Like

Who would mark those addons as “verified” though? And who would decide what’s malicious and what isn’t?

For example, there could be some tool in the form of an addon that analyzes your game data and presents you some graphs and charts on occupied space, amount and types of installed addons or some other analytics. I could use this addon to get some useful information from it, but I could also want to block it from accessing my saved Expression 2 chips, for example, or sending some statistical information to the addon author’s web server (even if it’s nothing malicious and is only used for good).

I should be presented with decisions to make on what data and resources I want to share with the addon, and the addon should be designed in a way to expect permissions rejection and some meaningful behavior in these cases, either disabling associated features or just notifying the user that the addon cannot function completely without such permission and explaining why it is needed, rather than silently failing or causing exceptions or undefined behavior.

2 Likes
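The behaviour asked for in the post above (an addon declares what it needs, the user is asked once per resource, and the addon degrades when refused), as an added Python sketch that is not part of the thread and not S&Box or Garry’s Mod code. `PermissionBroker`, `run_stats_addon` and the resource names are hypothetical.

```python
# Added illustration; every name here is hypothetical, not an S&Box or Garry's Mod API.
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


class PermissionBroker:
    """Mediates every addon request for a sensitive resource (deny by default)."""

    def __init__(self, prompt):
        self._prompt = prompt      # callable(addon, resource, reason) -> Decision
        self._declared = {}        # addon -> {resource: reason shown to the user}
        self._decisions = {}       # (addon, resource) -> remembered Decision
        self.audit = []            # (addon, resource, outcome) for later review

    def install(self, addon, manifest):
        # The manifest is the visible list of systems the addon may ever ask for.
        self._declared[addon] = dict(manifest)

    def check(self, addon, resource):
        reason = self._declared.get(addon, {}).get(resource)
        if reason is None:
            outcome = Decision.DENY    # undeclared access is refused without a prompt
        else:
            key = (addon, resource)
            if key not in self._decisions:
                self._decisions[key] = self._prompt(addon, resource, reason)
            outcome = self._decisions[key]
        self.audit.append((addon, resource, outcome.value))
        return outcome is Decision.ALLOW

    def revoke(self, addon, resource):
        self._decisions[(addon, resource)] = Decision.DENY  # user changed their mind


def run_stats_addon(broker, addon="disk-stats"):
    """Constructed addon: charts local data; uploading is an optional feature."""
    result = {"charts": False, "upload": False, "notice": None}
    if broker.check(addon, "filesystem.read"):
        result["charts"] = True
    if broker.check(addon, "network.http"):
        result["upload"] = True
    else:
        # Degrade instead of failing silently or throwing.
        result["notice"] = "Upload disabled: network access was not granted."
    return result
```

The `prompt` callable stands in for the dialog; the `audit` list is what a per-addon settings page or a report to moderators could be built on.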

No, I agree with what you’re suggesting and that it should be selectable as to what addons can access what systems and devices etc., but I’m saying that in addition a verification system would work well.

As much as a system that allows you to disable access and grant access to certain features for addons, 50-75% of people will just click yes and allow on all the access prompts. The others will be very hesitant to allow access and hopefully do so wisely and, as you said, if the reason for the access is explained then that would be beneficial.

If you had another system on top of that saying certain addons are not malicious (verification), then a lot more users will be comfortable with allowing access to systems, as well as users will be safer as they know they can trust certain addons.

As for verification, that would probably have to be done either manually, or there isn’t verification but an active report management team to shut down malicious addons as soon as they’re proven to be malicious.

1 Like

A system for reporting and taking down objectively malicious addons (which pretend to be a menu reskin but mine bitcoin in the background) is obviously a needed thing and already exists on Steam Workshop and other platforms, but that isn’t connected with the permission system that much.

I do agree with the existence of careless people who are used to clicking the “yes yes I don’t care just let me play” button all the time, especially in an online game with many kids playing it, but it will both keep the ones who think about their privacy and security informed and left with options.

It will also make Facepunch look nicer by not distributing shitware that only gods know what does through their platform and users complaining that it’s Facepunch’s fault that these addons aren’t properly moderated yet have access to such critical systems with abuse potential.

2 Likes

I think this is an absolutely great suggestion. I thought of this myself many years ago.
I think the ‘trying to access’ dialog is unnecessary, but a simple allow/deny permissions list per addon or a very visible list of systems the addon will have access to when first installing is a great idea.

Addons maliciously accessing / doing things outside the scope of advertised content has been a huge problem in gmod since its inception, the most blatant examples being a model pack that adds its creator as an admin to whatever server it was installed on, etc.

2 Likes

What if, instead of asking the player, the server owner can allow / deny this kind of stuff for all the players, and/or make it a setting that players can turn on / off?

1 Like

Not only addon authors but also server owners can mess with players, or the server owner can be not very competent to set this shit up properly and it won’t be of any use.

1 Like

It would definitely need to be something that you could disable; it sounds like it would get really annoying.

2 Likes

Maybe, yeah. There could be a checkbox for “never ask for permissions again” or something for those who don’t care.

1 Like