So, I've written a quick little mod that will print to singleplayer chat both the contents of any user-mode--accessible file on the hard drive and the entire list of handles and passwords from lastlogin in plaintext. Now, I am on a crusade to prevent this from happening.
My initial idea was to be able to use Java's built-in Security Manager to restrict access to the technicssp folder, but the problem is that the launcher does not invoke Minecraft as a separate instance of the JVM but loads it within itself. (This appears to be necessary because of the way minecraft.jar+modpack.jar works.)
I tried invoking the launcher .jar with a Security Manager active, and that works, but as I started granting permissions to make it work, I ran into the snag that it needs access to the "user.home" property (which is how it determines the location of .techniclauncher). This is reasonable, but it defeats me.
So, now I'm trying to come up with a Plan C. In theory, if I can find some way to invoke Minecraft directly with a Security Manager active, I can restrict it to read/write only the technicssp folder and nowhere else on the drive. I'm not seeing any way to do this without forking the launcher (probably way too difficult) or manually merging modpack.jar into minecraft.jar (bad) and invoking it by a secondary minilauncher.
Question
jakj
So, I've written a quick little mod that will print to singleplayer chat both the contents of any user-mode--accessible file on the hard drive and the entire list of handles and passwords from lastlogin in plaintext. Now, I am on a crusade to prevent this from happening.
My initial idea was to be able to use Java's built-in Security Manager to restrict access to the technicssp folder, but the problem is that the launcher does not invoke Minecraft as a separate instance of the JVM but loads it within itself. (This appears to be necessary because of the way minecraft.jar+modpack.jar works.)
I tried invoking the launcher .jar with a Security Manager active, and that works, but as I started granting permissions to make it work, I ran into the snag that it needs access to the "user.home" property (which is how it determines the location of .techniclauncher). This is reasonable, but it defeats me.
So, now I'm trying to come up with a Plan C. In theory, if I can find some way to invoke Minecraft directly with a Security Manager active, I can restrict it to read/write only the technicssp folder and nowhere else on the drive. I'm not seeing any way to do this without forking the launcher (probably way too difficult) or manually merging modpack.jar into minecraft.jar (bad) and invoking it by a secondary minilauncher.
Any thoughts?
15 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.