CIV4 New Customization Model Security Concerns

[warpstorm]

To do this would imply having someone become familiar enough with the inner workings of Python to make the changes. I suspect that they have enough on their plate without having to make a new one-off version of Python.

 

[sir_schwick]

What about someone modifying their own source code that has malicious code towards other players in MP games? It could be as subtle as planting trojan horses or self-replicating viruses in the other players systems.

 

[warpstorm]

I would assume that only data would be passed in MP games rather than code. Now there are ways to exploit this in nearly any MP game if you really wanted (buffer overruns, etc.)

 

[PeteT]

(Warpstorm: ) To do this would imply having someone become familiar enough with the inner workings of Python to make the changes.

FWIW, here's some idle speculation: according to MobyGames, the new Lead Programmer for Civ4, Mustafa Thamer, previously worked on URU: Ages Beyond Myst, which used Python. Although his main responsibility lay on the multiplayer side, it's possible that he has the skills to do this.

On the other hand, perhaps David McKribbin is dealing with it (from the Firaxis website):

McKibbin Trivia: David once designed security systems in a nuclear power plant!

 

[warpstorm]

It wasn't the skills I was concerned about, I'm sure many of their programmers could do it given the time. It's the time I was concerned about.

 

[Jon Shafer]

Yes, Moose is very skilled with Python, but I doubt fiddling with the way Python executes isn't on the top of Firaxis' list.