Malicious activities in ob / ob2 configs

hi, is it possible to gain access to user folder or any other folder inside the host machine and tamper with files in any way using blocks and functions in ob or ob2?

what about when you use a repo, is it possible to gain a backdoor access upon loading the repo somehow?

im mainly concerned because im using a repo for some configs and want to know how safe ob or ob2 is made and if i can trust these repos in terms of file access, backdoors and other malicious activities.

1 Like

only use configs / repos from people you trust. Since OB2 can run c# directly its alot risker to use unexamined configs.

If you disabled system-wide file access in blocks (in RL Settings) then if the config has only blocks (and not C# code or script blocks) it will mostly be secure. You get a warning if the config has C# code anyways.

Upon loading it, no. But if you run a config with C# code (especially if you can’t review the source first) it’s extremely risky.

Anyways, as a general safety measure, DO NOT use OB2 on a system with root / administrator privileges. Make a separate limited user or use a virtual machine / docker. Docker is the best option in my opinion.

1 Like

it was very good for someone with knowledge to make a tutorial on how to use it in the docker for everyone’s safety

Safe source for configs might be hard to find. A lot of suspicious telegram groups. Maybe it’s possible to run it with Sandboxie or similiar tool?