
Destructive Unity Apps

Discussion in 'General Discussion' started by Nikovich, Nov 5, 2015.

  1. Nikovich

    Nikovich

    Joined:
    Jul 10, 2010
    Posts:
    69
    I began work on an automated content updating system for a video kiosk app I programmed; something that will replace old videos with new videos when you plug in a drive. The videos are being played from streaming assets and that's where it puts the new videos. This is the first time I've tried messing with any of the Directory class components, so I was expecting them not to work as I expected, and to have to spend the whole day researching it. To my surprise, I was able to target test directories on my computer, even the folders the videos were being played from, and delete them without any prompt or confirmation from Windows, making new folders in their place with different content. Furthermore, they don't even go to the recycling bin, they are just gone.

    That kind of power has me worried. What's to stop someone from putting that in an app and having it target folders integral to the OS's processes, deleting them and replacing them with photos of donuts or something like that? Is there some permissions setting that disallows this kind of access from the app? Obviously I am not about to try this on any of my machines, but is it a valid concern?
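As an added example (not code from the original post or from Nikovich's kiosk app), here is how the replacement routine described above can be written so that the same `Directory` calls that worry the poster can only ever touch one folder under StreamingAssets. It assumes a Windows standalone player, that the live videos sit in `<StreamingAssets>/videos`, and that the caller passes in the path of the removable drive; those names are this example's conventions, not Unity's. The point it demonstrates is the check a practitioner wants before calling `Directory.Delete(path, true)`: resolve the full path and confirm it lies strictly inside an allowed root, then build the new folder first and only delete the old one after the swap.

```csharp
// Added example, not from the original thread. Assumes a Windows standalone
// player with videos under <StreamingAssets>/videos; "videos", ".new" and
// ".old" are naming conventions chosen for this example.
using System;
using System.IO;
using UnityEngine;

public static class KioskContentUpdater
{
    const string VideoFolderName = "videos";

    // True only if 'candidate' resolves to a location strictly inside 'root'.
    // Path.GetFullPath collapses "..", and the trailing separator stops
    // "C:\kiosk\videos2" from passing as inside "C:\kiosk\videos".
    public static bool IsInside(string root, string candidate)
    {
        string fullRoot = Path.GetFullPath(root)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;
        string fullCandidate = Path.GetFullPath(candidate);
        // Windows paths are case-insensitive; compare ordinally, not by culture.
        return fullCandidate.StartsWith(fullRoot, StringComparison.OrdinalIgnoreCase);
    }

    // Replace the live video folder with the top-level files of 'sourceDir'.
    // Directory.Delete(path, true) bypasses the Recycle Bin and asks nothing,
    // so the old folder is only removed after the new one is fully in place.
    public static void ReplaceVideos(string sourceDir)
    {
        string root = Application.streamingAssetsPath;
        string live = Path.Combine(root, VideoFolderName);
        string staging = Path.Combine(root, VideoFolderName + ".new");
        string retired = Path.Combine(root, VideoFolderName + ".old");

        // Refuse any path that does not resolve under StreamingAssets, including
        // the root itself. A bug in path construction then fails loudly instead
        // of deleting something else on the machine.
        foreach (string p in new[] { live, staging, retired })
        {
            if (!IsInside(root, p))
                throw new InvalidOperationException("Refusing to touch path outside StreamingAssets: " + p);
        }
        if (!Directory.Exists(sourceDir))
            throw new DirectoryNotFoundException(sourceDir);

        // 1. Copy into a staging folder. Only top-level files are taken; the
        //    source is a removable drive we do not control, so do not recurse.
        if (Directory.Exists(staging)) Directory.Delete(staging, true);
        Directory.CreateDirectory(staging);
        foreach (string file in Directory.GetFiles(sourceDir))
        {
            string dest = Path.Combine(staging, Path.GetFileName(file));
            File.Copy(file, dest, false);
        }

        // 2. Swap by renaming, so the kiosk never sits with an empty video
        //    folder and the old content is still intact if the move fails.
        if (Directory.Exists(retired)) Directory.Delete(retired, true);
        if (Directory.Exists(live)) Directory.Move(live, retired);
        Directory.Move(staging, live);

        // 3. Only now discard the previous content.
        if (Directory.Exists(retired)) Directory.Delete(retired, true);
    }
}
```

The `IsInside` guard is deliberately applied to paths the code itself computed: the value of the check is that a wrong `Path.Combine`, an unexpected `..`, or an empty folder name turns into an exception rather than a silent recursive delete of whatever the path happened to resolve to.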
     
  2. Waz

    Waz

    Joined:
    May 1, 2010
    Posts:
    287
    Any EXE you run can do all sorts of damage to your computer. It's because people don't know this that they download viruses and malware and generally make a mess of their computer systems. To a small degree it can be mitigated by using admin accounts, but most people will click through any kind of OS warning without reading it anyway (and they still need to be able to install software themselves, so it can't be prevented for the average home user).
     
    angrypenguin and Ryiah like this.
  3. JamesLeeNZ

    JamesLeeNZ

    Joined:
    Nov 15, 2011
    Posts:
    5,616
    Not really.
     
  4. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,966
    If you're worried about it then your only guaranteed solution is to stop using Windows. As @Waz stated, any EXE has this degree of power and you can only mitigate it so much. It's not limited to EXEs either. Windows still has VBScript even on the most recent release and there are viruses written in it.

    Other OSes, especially Linux-based ones, have ways to lock down what an application is capable of doing to your system and only those you expressly give permission to are capable of this.

    Still I haven't honestly run into a problem in many years. If you're careful you don't really have to worry.
     
    Last edited: Nov 6, 2015
    angrypenguin likes this.
  5. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    4,436
    Are there any best practices for saving and loading data (on Windows from a Unity app) in a way that is least prone to screw up somehow? Ideally I'd like the game to behave similar to a portable app and stay inside its own directory.
     
  6. Kiwasi

    Kiwasi

    Joined:
    Dec 5, 2013
    Posts:
    16,860
    You have things like Application.persistentDataPath. If you save everything there, you won't be messing with any real stuff.

    But yes, the potential for executables to mess with the entire file system is characteristic of Windows. Any piece of software can do it.
     
    Martin_H likes this.
  7. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,646
    That's not a Linux exclusive feature. You can tweak individual application permissions on Windows too, but it's not something most people do (and is usually overkill anyway).

    On Windows, the applications you launch execute under the user account you are logged into by default. Standard users cannot delete or modify system files and files belonging to other users.
     
  8. Kiwasi

    Kiwasi

    Joined:
    Dec 5, 2013
    Posts:
    16,860
    Sort of. But many users run their main account with admin rights. Users also have a habit of dumping files in any old location on the hard drive, instead of in the properly secure locations.
     
    Martin_H and Ryiah like this.
  9. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,617
    Yeah, but as application developers we can't be held responsible for that. Even if they're doing it in ignorance, they're telling their OS that any software is allowed to mess with anything. The reason the OS has these features is precisely because it can't be left up to the application - only trustworthy people would implement it in the first place.

    I'm not saying we should be careless and trash things, of course. I just mean that if users manage to use something we've written contrary to its design and also chose to lower their own security and then make a mistake that causes something to get lost/overwritten/mangled... can they really blame someone else?

    That's not Unity stuff, that's .NET / Mono / operating system stuff. As in, Directory et al. aren't even a part of Unity's API, they're a part of the standard library that comes with the scripting environment. As others have said, every stand-alone application can do that. It's a part of why computer security is important. It's also a part of why that UAC thing people used to complain about is there - Microsoft were trying to tighten that stuff up.

    Personally, as someone who keeps all of my non-trivial work in version control anyway, I'm more worried about what apps can read than what they can delete, and people keep all sorts of stuff hanging around. You can't assume that something's safe - whether it be data or an application - just because it's on your computer. Coming in an installer doesn't magically make something benign.
     
  10. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,646
    That was the case up until Windows Vista. Since Vista, with the help of UAC, applications run as standard user even if the current user is an administrator. Applications can ask for administrator rights, but it produces a UAC prompt to the user, and unless the user grants the rights or the user disabled the prompt, the application cannot execute as administrator.
     
    landon912, Kiwasi and angrypenguin like this.
  11. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    4,436
    Thanks! I have googled that and it seems to point to something like "C:\Users\<user_name>\AppData\LocalLow\<company_name>\<product_name>". I'd rather stay within the folder my game comes in (like a portable app). Can I use http://docs.unity3d.com/ScriptReference/Application-dataPath.html instead? That sounds more like what I'm looking for.


    If enough people get angry enough at you, it no longer really matters if their reason for it is valid :-/.


    I have UAC disabled, run my account with admin rights and if I could disable the file permissions stuff entirely in Windows 7 I totally would. I've had nothing but trouble with it and have lost quite a few hours of my life finding out how yet again a problem with a program crashing or not working properly came from file permission issues. I'd much rather have my system be unsecured, back my data up properly and have a little faith in my antivirus software and my own judgement than be bothered by things not working properly every now and then. So, if anyone knows how to turn that off I'm all ears ^^.
     
  12. Brainswitch

    Brainswitch

    Joined:
    Apr 24, 2013
    Posts:
    270
    You could, but that will make your game require admin rights if your game is installed under Program Files. Some users will not like that.
     
    Martin_H and Kiwasi like this.
  13. neginfinity

    neginfinity

    Joined:
    Jan 27, 2013
    Posts:
    13,554
    Uh, I thought it became less common since Windows 7 (user accounts do not have admin rights by default)? Was I wrong about that?

    By default an application is able to wreck the user's Documents folder, but it will have a hard time destroying the system itself, due to access restrictions. The app won't be able to kill admin processes, write into Program Files or system folders unless it is run with admin privileges. If the user is working as admin, though, he's asking for trouble - it is nearly as dangerous as working as root on Linux.
     
  14. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    4,436
    *sigh* and once again I wish this rights management/security stuff wasn't there in the first place ^^. Thank you very much for this crucial information! It would be one of the things that don't cause issues on my system but many users could run into problems if I do it that way. Guess I really should use Application.persistentDataPath as suggested by @BoredMormon .
     
  15. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,966
    You may want it to be that way but the user may not. Provide both a portable and non-portable release for your app and allow the user to decide by picking the one they want. A user who wants the portable one will know better than to stick it in a restricted folder.

    Personally I prefer the non-portable for most cases. I like having everything in one central location.
     
    Martin_H likes this.
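As an added example (not code from the original thread or from any of the posters), the exchange from Kiwasi's persistentDataPath suggestion through Brainswitch's Program Files warning and Ryiah's "ship both" advice can be turned into one startup routine: opt into portable mode with a marker file beside the game, verify that the folder really is writable by writing a probe file, and otherwise fall back to `Application.persistentDataPath`. It assumes a Windows standalone player built with the .NET 4.x API compatibility level; the marker file name `portable.txt` and the `saves` folder are this example's conventions, not Unity's. The elevation check is included because, as Tautvydas-Zilys describes, a member of Administrators still runs with a standard-user token unless the process was elevated, and that is exactly what this check reports.

```csharp
// Added example, not from the original thread. Assumes a Windows standalone
// player on the .NET 4.x API level; "portable.txt" and "saves" are naming
// conventions chosen for this example.
using System;
using System.IO;
using System.Security.Principal;
using UnityEngine;

public static class SaveLocation
{
    const string PortableMarker = "portable.txt";

    // Under UAC a member of Administrators runs with a filtered token unless
    // the process was elevated, and this returns false in that case. Worth a
    // log line when a user reports permission trouble.
    public static bool IsProcessElevated()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
        }
    }

    // Probe by creating, writing and deleting a uniquely named file. A folder
    // ACL can allow listing but deny writes, so Directory.Exists is not enough,
    // and this is where a standard user under Program Files fails.
    public static bool CanWriteTo(string dir)
    {
        try
        {
            Directory.CreateDirectory(dir);
            string probe = Path.Combine(dir, ".write-probe-" + Guid.NewGuid().ToString("N"));
            File.WriteAllText(probe, "probe");
            File.Delete(probe);
            return true;
        }
        catch (UnauthorizedAccessException) { return false; }
        catch (IOException) { return false; }
    }

    // Application.dataPath is "<game>_Data" in a Windows build, so its parent
    // is the folder the executable lives in.
    public static string GameDirectory()
    {
        return Path.GetDirectoryName(Application.dataPath);
    }

    public static string PortableRoot()
    {
        return Path.Combine(GameDirectory(), "saves");
    }

    // Returns the directory the game should write saves to.
    public static string ResolveSaveRoot()
    {
        bool wantPortable = File.Exists(Path.Combine(GameDirectory(), PortableMarker));
        if (wantPortable && CanWriteTo(PortableRoot()))
            return PortableRoot();

        if (wantPortable)
            Debug.LogWarning("Portable mode requested but " + GameDirectory() +
                " is not writable (elevated=" + IsProcessElevated() + "); using persistentDataPath.");

        // On Windows this resolves under %USERPROFILE%\AppData\LocalLow\<company>\<product>,
        // which is always writable by the logged-in user.
        string fallback = Application.persistentDataPath;
        Directory.CreateDirectory(fallback);
        return fallback;
    }
}
```

Call `SaveLocation.ResolveSaveRoot()` once at startup and keep the result; probing on every save would be wasteful and could flip location mid-session if a folder's permissions change. Deliberately absent is any attempt to request elevation: a game that prompts for admin rights just to write a save file is the kind of thing Brainswitch's "some users will not like that" refers to, and it would also hand the game exactly the system-wide delete power the thread started with.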
  16. angrypenguin

    angrypenguin

    Joined:
    Dec 29, 2011
    Posts:
    15,617
    People say that without realising the benefits they're getting from such things. I also always wonder what those people would say in the event that they're compromised and suffer damage as a result. Just imagine what could happen to computers in general if a bug in, say, Flash, or Java, or the Unity Web Player, or a random multiplayer game, or Skype, or any other Internet-enabled application, could (more) easily allow apps full access to your computer.

    That can already happen if the wrong people get the right opportunities. The only reason it doesn't happen more often is that security is considered not in just one place, but in most (if not all) links in the chain of delivering and running software, meaning that multiple things have to fail. I agree it's a pain at times, and I agree that some measures can be overkill (there's always cost/benefit or risk analysis to be done), but I think that file permissions and account levels are a pretty good idea.

    On that note, where are you running into issues? Steam is the only thing that gives me grief, and only when moving my library of games between OS installs. Aside from that things do a pretty decent job of looking after themselves.
     
    Martin_H and Ryiah like this.
  17. Ryiah

    Ryiah

    Joined:
    Oct 11, 2012
    Posts:
    20,966
    I still remember a game that messed up and filled my IBM PC XT with folders all nested under each other. Couldn't fix it with the tools I had available at the time so I had to wipe the drive (a whopping 20MB).
     
    angrypenguin likes this.
  18. HemiMG

    HemiMG

    Joined:
    Jan 17, 2014
    Posts:
    911
    Linux takes it a bit too far though, methinks. As I worked on an input plugin I encountered many problems. Logitech on Mac sucks. Windows itself isn't that great. But Linux doesn't even allow low level access to input data without root, at least as far as I can tell. It's a pain. And it shouldn't be. Being that protective over input is like when I try to pay a bill over the phone and they insist on verifying who I am. You know what? If some random stranger wants to pay my bill, let them. Seriously, random strangers, please pay my bills.
     
    landon912, Martin_H, Kiwasi and 2 others like this.
  19. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    4,436
    I have run the "high risk setup" for as long as I can think of and I remember 2 instances of having lost data that might have been prevented otherwise. One was an actual trojan that my antivirus detected too late and I reformatted C: to be sure. Cost me mainly time and nerves to do everything necessary. Another time I used a Blender plugin that was intended to streamline the process of switching meshes back and forth between Sculptris and Blender. It somehow deleted files in the folder where my AutoHotkey scripts are. It somehow must have gotten that folder reference because I launch Blender from the AutoHotkey script in that folder. That probably would not have happened if it hadn't had the full privileges, but then it would not have been able to do what it was intended to do either I guess. Maybe if it had been written more carefully it could have worked out but it wasn't and the author of the script never got back to me after I reported loss of data. Wasn't a big deal for me, I had a backup of that scripts folder.

    The biggest issue I had with file permissions was Photoshop crashes. It happened with CS6 I believe but I'm not 100% sure it is limited to that specific version. The situation was that I had 1 SSD in the system and wanted PS to use the SSD for its temporary files because that usually is the performance bottleneck in my use case. It turned out that Photoshop writing to c:\ (which was the SSD) caused crashes sometimes. Crashes mean me losing work and almost getting a heart attack with some quite vocal raging afterwards. From what I researched the problem was rather common and especially sysadmins that had to deploy PS on systems, where C: was the only partition, ran into this issue.
    My workaround was to create a c:\pstemp\ folder and mount that as z:\. Unfortunately PS doesn't allow to select subfolders and always writes the temp data to the root folder of the drive. If you say it shouldn't do that I'd agree, but it is what it is and to me only matters that I don't get the crashes while I work with it.

    Then there is some weird issue with something from the Adobe Acrobat directory not being deletable, but I'm not sure it's even caused by filesystem permissions and it's not a real issue either.

    All in all I'd say I have lost more data to physical hard disc failure than anything else.

    And I agree that the different layers of security and permissions are a net positive for the world. I just tend to have special snowflake use cases and evaluate the cost/benefit calculation a bit biased. ^^