On game startup the game client can optionally provide a method that takes in a reference to the match request and returns whether or not to allow users to see information from inside the VM.
The way this will be implemented is an additional field on the forfeit errors saying whether they're secret or not. Then, in the code that serializes forfeit errors, we should add an additional check: if secret, then only return it if the user is an admin.
I think the stderr of forfeit errors is probably the main place where we want to stop leaks; anywhere else is going to be minimal.
Obviously there are many ways to leak information, e.g. adding sleeps that take specific amounts of time to encode different numbers, but these methods are unlikely to ever be able to leak more than a couple hundred bytes from a VM at a time, which should make exfiltration difficult.
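A sketch of the proposed check, added here as an illustration and not taken from the project's code: every class, field and function name below is hypothetical. It assumes that a missing or failing game-provided method means the error is treated as secret, and that a secret error is omitted entirely for non-admin viewers.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass(frozen=True)
class MatchRequest:              # hypothetical shape of a match request
    match_id: str
    game: str
    ranked: bool

@dataclass(frozen=True)
class ForfeitError:              # hypothetical; `secret` is the proposed new field
    player: str
    reason: str
    stderr: str
    secret: bool

# The optional method a game client supplies at startup: True means
# "users may see information from inside the VM" for this match.
VisibilityPolicy = Callable[[MatchRequest], bool]

def is_secret(request: MatchRequest,
              allow_vm_info: Optional[VisibilityPolicy] = None) -> bool:
    if allow_vm_info is None:
        return True              # assumption: no method supplied -> fail closed
    try:
        # Only an explicit True opens the error up to ordinary users.
        return allow_vm_info(request) is not True
    except Exception:
        return True              # assumption: a crashing policy -> fail closed

def make_forfeit_error(request, player, reason, stderr, allow_vm_info=None):
    # The decision is recorded once, when the error is created.
    return ForfeitError(player, reason, stderr, is_secret(request, allow_vm_info))

def serialize_forfeit_error(err: ForfeitError,
                            viewer_is_admin: bool) -> Optional[dict]:
    # The serializer check: a secret error is only returned to admins.
    if err.secret and not viewer_is_admin:
        return None
    return {"player": err.player, "reason": err.reason,
            "stderr": err.stderr, "secret": err.secret}

def serialize_forfeit_errors(errors: List[ForfeitError],
                             viewer_is_admin: bool) -> List[dict]:
    out = (serialize_forfeit_error(e, viewer_is_admin) for e in errors)
    return [d for d in out if d is not None]
```

Putting the check in the single serialization path means any endpoint that returns forfeit errors inherits it, rather than each caller having to remember to filter.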