On Mon, Jan 5, 2009 at 3:58 AM, Ivan Illarionov <[email protected]>wrote:
> WESNOTH REFACTORING AND FUTURE DIRECTION PLAN > > 1. Disable current Python AI code and add new integrated Python interpreter > in a form of C++ class. > Proof of concept: > http://github.com/ii/wesnoth/tree/master/src/wespython.hpp > Python will be re-enabled on top of new interpreter and new bindings. > The limited scope of the current interpreter don't allow to use it, > unfortunately. > > One thing to remember here is that wesnoth purposely is not a full function python interpreter in the AI for very good reasons. Campaigns can be downloaded by wesnoth from the campaign server that have not been vetted by a bona-fide developer. The decisions to include a python AI interpreter was accompanied by assurances that the interpreter would be sufficiently limited to guarantee that malicious content could not use wesnoth to effect the players system. While having the ability for campaign writers to have custom python modules might be nice, the security implications would be awful. Recently, a co-worker of mine discovered a trojan varient that used java-script run by adobe-acrobat (version 7 or earlier) to infect unwitting computers. Someone downloading and viewing an infected PDF would have a subtle root-kit installed. We don't want the same thing to happen with wesnoth campaigns and other unsupervised downloadable content. So, without getting into the whole c++ vs. python thing, the use of the full function python interpreter should be limited to modules distributed as part of the main distribution. Campaign python (including AI) should be restricted to only do things that are guranteed (as much as possible these days) to be secure. Darth Fool Retired Dev. -- ------------------------------------------------------------------- "In theory, theory and practice are the same, but in practice they're different." ------------------------------------------------------------------- John W. C. McNabb -------------------------------------------------------------------
_______________________________________________ Wesnoth-dev mailing list [email protected] https://mail.gna.org/listinfo/wesnoth-dev
