authorAdam Frisby2009-08-18 00:58:42 +1000
committerAdam Frisby2009-08-18 00:58:42 +1000
commit30c4aa55e6f18d153f164529a3435e44754c5352 (patch)
tree299ee502e9cfc09eb831d532b45879ed4f94e060
parentMerge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff)
Added additional configuration options for MRM Security. See OpenSim.ini.example under the [MRM] section.
Diffstat (limited to '')
-rw-r--r--OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs30
-rw-r--r--bin/OpenSim.ini.example22
2 files changed, 42 insertions, 10 deletions
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
index 9042e0d..bf523dd 100644
--- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
+++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs
@@ -211,25 +211,39 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule
211 { 211 {
212 if (script.StartsWith("//MRM:C#")) 212 if (script.StartsWith("//MRM:C#"))
213 { 213 {
214 if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID 214 if (m_config.GetBoolean("OwnerOnly", true))
215 || 215 if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID
216 m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) 216 || m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID)
217 return; 217 return;
218 218
219 script = ConvertMRMKeywords(script); 219 script = ConvertMRMKeywords(script);
220 220
221 try 221 try
222 { 222 {
223 m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security."); 223 AppDomain target;
224 if (m_config.GetBoolean("Sandboxed", true))
225 {
226 m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " +
227 m_config.GetString("SandboxLevel", "Internet") + "-level security.");
224 228
225 string domainName = UUID.Random().ToString(); 229 string domainName = UUID.Random().ToString();
226 AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"), 230 target = CreateRestrictedDomain(m_config.GetString("SandboxLevel", "Internet"),
227 domainName); 231 domainName);
232 }
233 else
234 {
235 m_log.Info("[MRM] Found C# MRM - Starting in current AppDomain");
236 m_log.Warn(
237 "[MRM] Security Risk: AppDomain is run in current context. Use only in trusted environments.");
238 target = AppDomain.CurrentDomain;
239 }
228 240
241 m_log.Info("[MRM] Unwrapping into target AppDomain");
229 MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( 242 MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap(
230 CompileFromDotNetText(script, itemID.ToString()), 243 CompileFromDotNetText(script, itemID.ToString()),
231 "OpenSim.MiniModule"); 244 "OpenSim.MiniModule");
232 245
246 m_log.Info("[MRM] Initialising MRM Globals");
233 InitializeMRM(mmb, localID, itemID); 247 InitializeMRM(mmb, localID, itemID);
234 248
235 m_scripts[itemID] = mmb; 249 m_scripts[itemID] = mmb;
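Review bot: The two new switches are read independently, so with `OwnerOnly = false` and `Sandboxed = false` the ownership check at new lines 214–217 is skipped and the `else` branch at new line 238 sets `target = AppDomain.CurrentDomain`; any script that starts with `//MRM:C#` is then compiled and instantiated inside the simulator's own AppDomain. Nothing rejects that combination, so I would refuse it before the `try`, e.g. `if (!m_config.GetBoolean("Sandboxed", true) && !m_config.GetBoolean("OwnerOnly", true)) { m_log.Error("[MRM] Unsandboxed MRMs require OwnerOnly = true; script not started."); return; }`. Separately, the permission-set key changes from `permissionLevel` to `SandboxLevel` with no fallback, so an existing config that set the old key (possibly to something tighter than Internet) would silently get the `Internet` default; reading the old key as a fallback, or logging a warning when it is still present, would avoid that. The enclosing method starts and ends outside this hunk, and the nested `if` under the `OwnerOnly` test has no braces, which is worth adding so the `return` visibly belongs to the inner condition.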
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index a1532c5..166f2c6 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -1163,10 +1163,28 @@
1163 1163
1164 1164
1165[MRM] 1165[MRM]
1166 ; Enables the Mini Region Modules Script Engine. WARNING: SECURITY RISK. 1166 ; Enables the Mini Region Modules Script Engine.
1167 ; default is false 1167 ; default is false
1168 Enabled = false 1168 Enabled = false
1169 1169
1170 ; Runs MRM in a Security Sandbox
1171 ; WARNING: DISABLING IS A SECURITY RISK.
1172 Sandboxed = true
1173
1174 ; The level sandbox to use, adjust at your OWN RISK.
1175 ; Valid values are:
1176 ; * FullTrust
1177 ; * SkipVerification
1178 ; * Execution
1179 ; * Nothing
1180 ; * LocalIntranet
1181 ; * Internet
1182 ; * Everything
1183 SandboxLevel = "Internet"
1184
1185 ; Only allow Region Owners to run MRMs
1186 ; May represent a security risk if you disable this.
1187 OwnerOnly = true
1170 1188
1171[Hypergrid] 1189[Hypergrid]
1172 ; Keep it false for now. Making it true requires the use of a special client in order to access inventory 1190 ; Keep it false for now. Making it true requires the use of a special client in order to access inventory
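Review bot: The value list under `SandboxLevel` (new lines 1175–1182) presents `FullTrust` and `Everything` on the same footing as `Internet`, with nothing to tell an operator that those permission sets leave the script effectively unrestricted even though `Sandboxed = true`. I would order the list from most to least restrictive and mark the permissive entries, e.g. `; * FullTrust (effectively no sandbox - trusted regions only)`. The warning removed from the `Enabled` comment at 1166 is also worth keeping in shorter form, since that switch is what turns on compiling in-world C# at all, e.g. `; Enables the Mini Region Modules Script Engine (runs C# from in-world scripts; see Sandboxed and OwnerOnly).`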