CLEO Redux acknowledges some custom commands (opcodes) as unsafe and requires the user to decide whether to run them or not. Raw access to the process memory, loading external libraries or making network requests can be harmful and produce undesired side-effects. Hence CLEO introduces permission levels for running the unsafe code.
There are four available levels:
Any unsafe operation is allowed. Use this only when you trust the scripts you run.
This is the default permission level.
No unsafe operation is allowed unless the script explicitly requests it. Currently to request a permission, the name of the script file must include the permissions tokens wrapped in square brackets.
For example, if the script wants to access the memory via
0A8D READ_MEMORY the file name must contain
cool-spawner[mem].cs. If the file is named differently CLEO rejects
0A8D and the script crashes.
No unsafe operation is allowed unless the script explicitly requests it (see
"Lax") and the CLEO config file permits this type of operation under the
Permissions section in
cleo.ini allows to enable or disable groups of unsafe operations by using the permission tokens. For example,
disables all memory-related opcodes even if the script has the
[mem] token in the file name.
Permissionssection in the
cleo.inionly takes effect when
No unsafe operation is allowed.
mem- reading from and writing to the process memory, calling foreign functions
dll- loading dynamic libraries and finding exported functions
fs- creating, reading and deleting files from the local file system