Tuesday, August 23, 2022

Proposal: No More Arbitrary Code Execution

Withdrawn and therefore failed -SingularByte

Adminned at 24 Aug 2022 08:00:49 UTC

Rewrite the subrule ‘Tokens’ under ‘BotScript’ to read:

Some BotScript Triggers or Reactions may refer to Tokens being tracked or modified. Tokens are privately tracked by the Announcer; each Token contains an integer value, a flavour text string of no more than 5 characters which serves as its name, and belongs to exactly one Bot. When a Token is modified by a Bot, the value of that Bot’s Token with the given name is updated accordingly if it exists. Otherwise, a new Token is created belonging to that Bot with a value of 0 and the name of the Token the Bot attempted to modify, which is then updated accordingly. All Tokens are destroyed after each Bout.

Though a bit sketchy, it might be possible to use Tokens to modify the ruleset in unintended ways because what counts as a Token is ambiguously defined. Just to be on the safe side, this proposal makes Tokens clearer.


Josh: he/they

23-08-2022 17:40:09 UTC

This actually removes some of the safeguards in the original text. This text gives no guidance in how to proceed if two operators have the same token; furthermore, the existing line about tokens only existing relative to the scripts that generated them makes it possible for tokens to have effect outside of their intended use.


23-08-2022 17:45:04 UTC

That makes sense, yes. Withdrawn against

Josh: he/they

23-08-2022 19:36:00 UTC

FWIW this was still in the window where you could edit it freely in response to feedback; just so you know for next time!