(Requesting use cases!) Allow access to real _G

Reinitialized · July 17, 2019, 8:03pm

As a Roblox developer, it is currently impossible to modify the actual Globals environment within normal security context access due to old restrictions in place from a legacy era. Nowadays, ROBLOX isolates the normal security context from others to prevent gaining access to protected API, thus making this protection obsolete. By removing this restriction, it’d open the door for more unique gameplay currently impossible due to the inability to sandbox third party ModuleScripts. Additionally, this would allow developers to better protect their games with usage of third party Modules as all normal identity scripts would inherit from the same environment, thus ensuring the ability to prevent undesired actions.

My example use-case would be allowing users to implement “mods” to my games using a publicly documented API. As it stands, it would be very difficult to implement such a feature without having to do a roundabout method involving a web server downloading, injecting sandboxing code into the Module, then re-uploading the Module to which the new Module would then be required.

Kampfkarren · July 18, 2019, 9:20am

I don’t understand. You should be able to sandbox just fine with setfenv/getfenv, no?

Elttob · July 18, 2019, 3:32pm

If you require by asset ID, you can’t set the function environment in which the module is run.

Reinitialized · July 18, 2019, 3:32pm

You can’t sandbox third party ModuleScripts without roundabout methods using setfenv.

EDIT:
Not to mention, it is not a guarantee that even if stated, third party ModuleScripts will return only functions. They could run malicious code beforehand to comply, something having access to real _G would solve. Not to mention again, it’s an outdated security practice from nearly over a decade ago.

FieryEvent · July 19, 2019, 3:33pm

If this allows me to change the require function in all of my scripts, I wouldn’t need to worry about updating the path of any of the used modules everytime in every script.

Reinitialized · July 22, 2019, 2:54am

Having access to real _G would not only allow this, but many more possibilities. It’s something which should have been kept as is since the inception of ROBLOX.