Opening calc.exe from the S&Box C# sandbox
The article discusses the open-source game development platform S&Box and its use of C# for scripting. It highlights the security concerns associated with executing untrusted C# code and the methods used to mitigate risks. The author shares personal experiences while attempting to run and modify code within the S&Box environment.
- ▪S&Box uses C# for game scripting instead of Lua, which raises security concerns.
- ▪The platform scans code to block the use of certain APIs to enhance security.
- ▪The author shares their experience of modifying the editor and running unsafe code.
Opening excerpt (first ~120 words) tap to expand
How to open calc.exe from S&Box Thursday May 21, 2026 So, S&Box went “open source”. I don’t personally have any interest in the platform, but I did have interest in how they securely execute C# code… So S&Box is “Garry’s Mod 2”, or maybe it’s Roblox Source 2, I really don’t care about it directly. The thing that’s relevant to me is that instead of using Lua or something, they use full powered C# for game scripting. C#/.NET is not Lua: it is not designed to run untrusted code, so how do they get away with it? The solution is quite simple: they scan your code and block loading it if you use any APIs like File.Open(). Now, is this secure? Well… To be clear: if you are a security-minded person, this is an atrocious idea.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Slugcat.
Discussion
0 commentsMore from Slugcat
