Grasscutters / Cultivation

A custom launcher designed to make it as easy as possible to proxy anime game traffic to private servers.
Apache License 2.0

Dangerous public servers LUA eval #101

Open BiosNod opened 1 year ago

BiosNod commented 1 year ago

I read on Discord, in "Public servers", about a dangerous LUA eval ability:

Only join servers from people you trust; malicious server owners can send a packet to execute lua code on your computer (RCE).
We are not responsible for anything that happens to your computer when you join public servers.

Servers can deliver new script payloads to the client, and the client will execute them in an environment that can launch other programs on the host machine. It's not GC-specific, so any protections in GC are useless; protections will need to be client-side to have any security.

@hartie95 says: If I remember it correctly, akebi also has protection for that built in

This is really not funny when the server can send code to your computer and it will execute it. Maybe add a client patch against the server code execution, or some option to do that?

KingRainbow44 commented 1 year ago

this is one of the larger concerns surrounding private servers, and something the team has thought of many times. currently the focus is on getting UserAssembly patching into Cultivation since this can already be done when injecting akebi. it's definitely a feature that will be implemented at some point though!