GoLisp security restrictions in GameSense, and how to disable them

06 Apr 2016

by Joel Hunsley

One of the features built into SteelSeries GoLisp is the ability to define an environment as restricted, preventing the execution of primitives with potential security implications. This includes primitives which read and write files, access other GoLisp environment frames, writing bytes to arbitrary ports, and enable debugging.

To reduce risks of malicious code being executed through the GameSense API, each GameSense app configured on a user’s machine is loaded into an individual restricted sandbox environment. Attempting to use any restricted primitives will log an error <primitive> is restricted from execution in this environment. But while this is ideal for the typical end user, sometimes you may want to do something with GameSense which requires the full capabilities of GoLisp. To facilitate this, we’ve introduced in SteelSeries Engine 3.7.0 the ability to load the GameSense environments on your own machine in unrestricted mode.

To enable the loading of GameSense environments as unrestricted, the command-line parameter -unrestrictedGameSense should be added when starting SteelSeries Engine 3. It should be added in the following locations:

On Windows

The shortcut that is created to launch SteelSeries Engine 3 manually (from the Start menu) is in the directory %PROGRAMDATA%/Microsoft/Windows/Start Menu/Programs/SteelSeries/SteelSeries Engine 3. Edit the properties of the SteelSeries Engine 3 shortcut here and add -unrestrictedGameSense to the end of the Target field. The shortcut for the instance of SteelSeries Engine 3 that is launched in the background on startup (if the option to do so is enabled) is located in %PROGRAMDATA%/Microsoft/Windows/Start Menu/Programs/Startup. Edit this shortcut the same way.

On Mac

The script that is used to launch SteelSeries Engine 3 Core both manually and automatically is /Applications/SteelSeries Engine 3/SteelSeries Engine 3.app/Contents/Resources/launchSSENextCore.sh. The line that begins with nohup "$MACOS_DIR"/ssenextCore -setlocale=$1>> ... should be edited to begin with nohup "$MACOS_DIR"/ssenextCore -setlocale=$1 -unrestrictedGameSense>> ....

If SteelSeries Engine 3 is already running when you make this change, you will need to exit and re-launch it. After doing so, restricted primitives that are executed in a GameSense environment will execute successfully rather than failing and logging an error.