Gregory's Server@popcar2 @godotengine Their reasoning for saying that everybody using a Godot game is potentially at risk is that mods or similar can inject malicious code into a legitimate game. Which is a somewhat legitimate concern - but seems fairly theoretical to me for the vast majority of Godot games.
|
4 comments
 I think you could also bundle a python interpreter, e. g. cpython with gdextension or rustpython and execute mailicious files. I guess you could also transpile source files before executing with an interpreter so gdscript support for malware scanners won't solve obfuscated code detection. @HugeGameArtGD @popcar2 Virus scanners are bad at their job and that problem is kinda unsolvable. It's not really Godot's fault that they are garbage, and it's not Godot's fault if people put too much trust in them, either. |
@ratsnakegames It's not different from saying someone could swap out your exe with a hacked one though, or swap out any of the files needed such as DLLs with malicious ones. If someone tampered with your file system, it's pretty much over. The report is pretty good and detailed but I don't agree that all games are potentially at risk.