Script Capabilities Preview [Client Beta]

I don't think we need a compiler on the client. All that's needed is for the server to compile the bytecode instead and send that to the client. This would also allow for CRAZY anticheat solutions.

This announcement is quite a reminder of how much I haven’t kept up with Roblox announcements for a while… My entire thought reading this was “wait, they’re doing this after all the loadstring fiascos back in like 2011? When did they re-enable it and/or introduce a new system for arbitrary code execution such that they’d even have a use case for this?”

It sounds cool, I guess, but not something I’d personally have any use case for.

This is a W update. I can’t wait to fully grasp its use case.

[image]
Spamming notifications now, eh?

I’m not saying it does, I’m pointing out, to the people who are saying it might put an end to exploits, how it won’t actually affect anything.

1 Like

Experiences such as Build Island would greatly benefit from users being able to import their creations into the experience out of Roblox Studio, but this capability has been heavily restricted due to security concerns.

Now that we are getting fine-grain control over script permissions, when can we expect to see a relaxation of InsertService restrictions?

8 Likes

Actually amazing feature.
If only we could do this for game client features too, like a select to disable them.

1 Like

The server compiles LocalScript source, so this isn’t really relevant to what I’m asking for, which is just a way to programmatically build new scripts on the server.

1 Like

I feel secure and I’m very excited about this. I’m also glad Roblox devs are doing this right now :slight_smile:

So meaning this one
[image]
… cannot be run from the part of a Script with the “require” function? NICE!

First off, this is great!!

Second, I have a suggestion:
For more fine-grained control, could you guys add restrictions on access to specific APIs and specific Instances? (Like adding a property that is a table of instances to be whitelisted/blacklisted, including each instance’s descendants.)

I have a game that lets players load their own models, and currently I have to check each model with a backend before it gets loaded (when the Ban API came out, someone went and banned everyone in the group, so I had to do that). If there were a way to restrict access to the Ban API and other things (for example, I would only want that model to be able to modify its descendants, but it should also be able to manipulate player GUIs, etc.)

Not sure if I was clear with this but great feature overall!!!

1 Like

^ this. I would prefer allowing for fine-grained control. I would like scripters to have the freedom to mess around with the game, including stuff outside of the sandbox, but rather restrict certain APIs, such as the Ban API in particular. The majority of issues with loading scripts is backdoor access to APIs regarding kicking and banning, and scripts that use APIs to get backdoor access to all servers… The only thing needed for this to be 100% helpful is full API control, and once that’s implemented it would help everyone.

1 Like

I was messing around with the sandbox and I noticed that it’s impossible to create Sound instances. Is this intentional? I would expect this to be possible with the Audio group, or at least the Basic group. Is there a reason for this?

1 Like

While we will try to keep it as stable as possible during the Beta, there is still a chance of breaking changes until it’s finalized.
For now, it can be treated as opaque in binary serialization.

We have plans to make the property publicly scriptable in the future, currently that API is for built-in Studio plugins only.

We will look into adding it for ModuleScript. You can still put them under a Folder; the intent was that it would be configured for groups of things and not often individually. Problematic if the root is a ModuleScript, of course.

2 Likes

We will look into providing access to ReplicatedStorage and other services that are essentially ‘folders’ under AccessOutsideWrite.

3 Likes

We do have plans for an API to run a function under a custom timeout, but it’s only in the early design stage, with problems still to be solved around how to handle functions that use task library methods.

There are other exhaustible shared resources we are considering, and there will probably remain a way to escape a resource limit; our aim is to prevent unrecoverable data changes from being made.

We have something for this use case planned and will share details later.

1 Like

New Audio APIs are available using the Audio capability.

Unfortunately, capability for legacy sound APIs was added a bit late for the current release and will come in an update.

1 Like

Giving access to folder-like services via AccessOutsideWrites would essentially bring back a game I previously had to shut down due to scripting vulnerabilities (abuse of the Ban API, InsertService, etc.) without having to tell hundreds of its creators (most of whom will have moved on) to update their maps.

Please make this happen :pray:

7 Likes

Modules required with require(id) seem to escape the sandbox of the requiring script’s container.

I was able to ban myself with Players:BanAsync() using only the RunServerScript and AssetRequire capabilities.

5 Likes

Using getfenv or setfenv is entirely broken when sandboxed, even when allowing all permissions. Is this intentional due to their environment-changing nature? Because I had the environment sandbox option turned on.

The current thread cannot call 'getfenv' (lacking capability Unassigned)