mirror-emu/gopher64
1
0
Fork 0
mirror of https://github.com/gopher64/gopher64.git synced 2026-06-03 10:35:31 -03:00
Code Issues Projects Releases Packages Wiki Activity
Page: Security
Pages
Converting save files from Simple64 or Project64 Default Gamepad Setup Default Keyboard Setup Explanation of options Home Hotkeys Netplay Guide Portable Mode RetroAchievements Savestates Security System Requirements Working with SD card saves
17 Security
Logan McNaughton edited this page 2026-05-28 17:51:54 +02:00
Table of Contents

Background

Emulators have been the subject of targeted attacks and coding mistakes that lead to vulnerabilities 1 2.

Like most programs, Gopher64 depends on external libraries. You can see a list of them in Cargo.toml under dependencies. I do not personally audit every line of code in these dependencies, although I do keep them updated, and they are regularly scanned for security vulnerabilities.

What I do

  1. Gopher64 is mostly written in Rust, which guards against memory-related vulnerabilities that can exist in C/C++ code.
  2. The Flatpak and MacOS builds have a very tight sandbox. The only files they have access to on your system are the ones you select via the "Open File" dialogs. Windows builds can also be sandboxed via the itch.io app.
  3. The Windows and MacOS builds are codesigned. This means that the program cannot be modified after release without the OS triggering a warning. On Linux, Flatpak verifies the program's integrity using the sha256sum.
  4. I utilize security features available from GitHub. For example: 2FA, code scanning, and Immutable Releases.
  5. I release assets directly from CI. This means that the sha256sum of the assets built on GitHub Actions matches exactly with the assets included in the GitHub release. This ensures that the files were not built using modified source code.

What you should do

  1. You should only download Gopher64 from official sources. The official sources are:
    1. GitHub releases
    2. itch.io
    3. Flathub (Linux)
    4. Homebrew (MacOS)
  2. You should use a sandboxed version of the program. The MacOS version is always sandboxed. A sandboxed version of Gopher64 for Linux is available on Flathub. On Windows, if you download Gopher64 via the itch.io app, you can enable sandboxing.
    1. Sandboxed Gopher64 can only see files that you select via the "Open File" dialogs. This will block any password sniffing, file deletion, or personal data-stealing attempts by malware.
    2. On Windows+itch.io, when you enable sandboxing, it creates a new user (C:\Users\itch-player-xxxxxx). Gopher64 will run as this user, which means you'll need to put your ROMs somewhere that this user can access them.