GoLisp security restrictions in GameSense, and how to disable them
by Joel Hunsley
One of the features built into SteelSeries GoLisp is the ability to define an environment as restricted, preventing the execution of primitives with potential security implications. This includes primitives which read and write files, access other GoLisp environment frames, writing bytes to arbitrary ports, and enable debugging.
To reduce risks of malicious code being executed through the GameSense API, each
GameSense app configured on a user’s machine is loaded into an individual
restricted sandbox environment. Attempting to use any restricted primitives will
log an error <primitive> is restricted from execution in this environment. But
while this is ideal for the typical end user, sometimes you may want to do
something with GameSense which requires the full capabilities of GoLisp. To
facilitate this, we’ve introduced in SteelSeries Engine 3.7.0 the ability to
load the GameSense environments on your own machine in unrestricted mode.
To enable the loading of GameSense environments as unrestricted, the
command-line parameter -unrestrictedGameSense should be added when starting
SteelSeries Engine 3. It should be added in the following locations:
On Windows
The shortcut that is created to launch SteelSeries Engine 3 manually (from the
Start menu) is in the directory %PROGRAMDATA%/Microsoft/Windows/Start
Menu/Programs/SteelSeries/SteelSeries Engine 3. Edit the properties of the
SteelSeries Engine 3 shortcut here and add -unrestrictedGameSense to the
end of the Target field. The shortcut for the instance of SteelSeries Engine 3
that is launched in the background on startup (if the option to do so is
enabled) is located in %PROGRAMDATA%/Microsoft/Windows/Start
Menu/Programs/Startup. Edit this shortcut the same way.
On Mac
The script that is used to launch SteelSeries Engine 3 Core both manually and
automatically is /Applications/SteelSeries Engine 3/SteelSeries Engine
3.app/Contents/Resources/launchSSENextCore.sh. The line that begins with nohup
"$MACOS_DIR"/ssenextCore -setlocale=$1>> ... should be edited to begin with
nohup "$MACOS_DIR"/ssenextCore -setlocale=$1 -unrestrictedGameSense>> ....
If SteelSeries Engine 3 is already running when you make this change, you will need to exit and re-launch it. After doing so, restricted primitives that are executed in a GameSense environment will execute successfully rather than failing and logging an error.