Open the-vindex opened 1 year ago
I think I may have a idea for how this could work. if we maintained a list of known bad mod shas on the meta server we could flag them in a pre launch step. perhaps even suggest secure replacements? perhaps the mmpa would be willing to help maintain this?
What that project does is essentially having a patcher which is driven by config file, which lists vulenerable mods and classes to patch in a config file, which they update directly from github: https://github.com/dogboy21/serializationisbad/blob/master/serializationisbad.json
Serialization Is Bad is attached as a Java Agent, so perhaps a checkbox somewhere could be added to automatically download the latest version of SIB and add the JVM argument. Maybe the instance creation tab (and versions tab) could be a good place for this?
Role
I play modded minecraft
Suggestion
When launching modpack on vulnerable versions, I want Prism to automatically add fixer mod for security vulnerabilty, see link below. Or warn me and ask for permissing to oneclick add that mod
Benefit
Security
This suggestion is unique
You may use the editor below to elaborate further.
See post here https://github.com/dogboy21/serializationisbad/blob/master/README.md