Plugin permissions system for viewing / controlling their functionality

Plugins come in a wide variety and there are many botted plugins that are unsafe. Even for the plugins that are safe, a developer may have downloaded it for 1 feature and does not want to give the plugin access to anything else.

The solution for this would be giving each plugin specific permissions (like when you download an app from the google play store). For example, developers can check off what the plugin should be allowed to access (i.e HTTPService, StarterGui, ServerScriptService, CollectionService, etc).

If Roblox were able to address this, plugins would no longer have the ability to perform unwanted actions without permission from the developer. Additionally, plugins with viruses will not be able to cause severe damage.

21 Likes

This is definitely needed. Plugins at the current state are completely unsafe, and it’s only a matter of time before a highly used plugin implements dangerous functionality.

For example, a plugin at it’s current state could send an entire game’s source code and models to the owner. That is super scary, and it only takes one person in your team having that malicious plugin for it to happen.

This needs to happen. If it doesn’t happen now, disastrous results will come from the future.

4 Likes

This post was merged here

Plugin Permissions

User Story

As a Roblox developer, it is currently too hard to download genuine plugins that don’t have backdoors in them. As a developer, it is difficult to make sure my team follow SyOps when there is no way to risk manage plugins without manual approval processes.

Solution Concept

Plugin Permissions would be mandated permission settings assigned to every plugin that needs to interact with sensitive functions that are often abused by backdoors and other malcious plugins.

Users would, at installation, have to agree to these in the same way as an OAuth Scope Permissions page, with particularly sensitive permissions having warnings about potential dangers so that an average user can understand why it might be concerning if it requires this access.

I’ve made a mockup for the sake of illustration:

If Roblox is able to address this issue, it would improve my development experience because it would make me feel safer about my game, and allow my developers to use the wonderful resources available to them more freely / without concern they’re downloading malicious content into their plugins.

5 Likes

This post was merged here.

As a Roblox developer, it is currently too hard to remove backdoors inerted by malicious plugins. As a developer working with team create, if one of my team has a bad plugin that inserts obfuscated scripts with backdoors, I have to manually delete each script which is time consuming. The worst thing is that usualy the bad plugins reinsert the scripts anyways.
So then i have to get a list of all the plugins my team is using, inspect their source one by one and determine which one is bad. All of this wastes my time and makes me less productive overall.

If Roblox is able to address this issue, it would improve my development experience because I would have to spend less time dealing with backdoors.

I suggest that Roblox removes the ability for plugins to edit and view the .Source property of scripts.
This ability can then be granted one time whenever the plugin tries to read or make edits or a plugin can be trusted by the user. It would also be helpful if studio warned the user in the output log whenever a script’s Source property is accessed.

It would also be helpful if Roblox added a PluginHasSourceAccess() function to prevent plugins like backdoor scanners from erroring

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.