Loading...
Loading...
Developers examined S&Box’s approach to running untrusted C# scripts and found its sandbox is built on a static API blacklist rather than a hardened runtime. By inspecting the compile-time blacklist and modifying game code, they showed dangerous patterns can be bypassed or crash the editor, underscoring that modern .NET wasn’t designed to host hostile code safely. The analysis highlights pitfalls like compiler-generated code invoking blocked APIs, platform/driver quirks complicating testing, and the broader challenge of securing game mod platforms that use C#. As general C#/.NET tooling evolves across Windows and Linux, secure isolation for embedded scripting remains an unresolved concern.
The S&Box findings show that compile-time API blacklists in C# are insufficient to stop determined attackers, posing risks for game engines and any platform embedding .NET scripting. Tech professionals must reassess assumptions about sandboxing and invest in stronger isolation or runtime-hardening when hosting untrusted code.
Dossier last updated: 2026-05-22 12:09:40
Microsoft is redesigning C#'s unsafe keyword to make memory-safety obligations explicit and enforceable: the keyword will mark any code interacting with memory in ways the compiler cannot verify, not just pointer syntax. The new model—influenced by Rust and Swift—treats unsafe as a propagated safety contract enforced by the compiler, with new safety comment conventions and expanded application across runtime libraries like System.Runtime.CompilerServices.Unsafe and Marshal. Implemented initially in the compiler main branch, the feature is slated as a C# 16 preview in .NET 11 and production in .NET 12, opt-in at first and potentially becoming default later. This increases visibility, auditing, and supply-chain safeguards amid growing industry focus on memory safety and AI-assisted code generation.
A developer investigated how S&Box (the Garry’s Mod successor) sandboxing allows C# game scripts and demonstrated bypassing its protections to run arbitrary native code. S&Box uses a compile-time whitelist/blacklist that blocks dangerous .NET APIs; the author argues this approach is fragile because .NET wasn’t designed to run untrusted code. They experimented with unsafe/ref pointer tricks and removed the compile blacklist to force compilation, encountering crashes and driver quirks during testing, and ultimately published and loaded a game to iterate on exploits. The write-up highlights that scanning source for forbidden APIs is brittle and risky for sandboxing a full .NET runtime.
Security researcher tested S&Box’s C# sandbox by attempting unsafe low-level memory manipulation to bypass its compile-time blacklist and run arbitrary code. The author inspected the sandbox’s banned API list, modified S&Box to disable the compile-time check, and provoked crashes in the editor by compiling code that abuses System.Runtime.CompilerServices.Unsafe patterns; after packaging and publishing a test game, they iterated to get code executing in-game. The piece highlights that S&Box (like Space Station 14) relies on static API blacklists rather than a hardened runtime, warns this is an insecure approach for running untrusted C#, and shows practical exploitation paths and debugging hurdles encountered. It matters because many platforms choose C# for scripting, and naive sandboxing risks remote code execution and platform compromises.
A developer explored how S&Box (Garry’s Mod 2) runs untrusted C# scripts and found its sandbox relies on static API blacklisting rather than a hardened runtime. They inspected the compile-time blacklist that blocks dangerous .NET APIs, attempted to bypass it by modifying the game’s code to remove the blacklist, and demonstrated that unsafe C# patterns can crash the editor and potentially evade restrictions. The write-up highlights inherent risks: modern .NET isn’t designed to host hostile code safely, compiler-generated patterns can trigger blocked APIs, and driver/environmental bugs complicate testing. This matters because using C# for mod scripting without a robust sandbox exposes platforms and users to security and stability threats.
Coding on Windows (and Linux) in 2024?! | Introduction to C# and .NET | Scott Hanselman