diff options
| author | Adam Frisby | 2009-08-18 00:58:42 +1000 |
|---|---|---|
| committer | Adam Frisby | 2009-08-18 00:58:42 +1000 |
| commit | 30c4aa55e6f18d153f164529a3435e44754c5352 (patch) | |
| tree | 299ee502e9cfc09eb831d532b45879ed4f94e060 | |
| parent | Merge branch 'master' of ssh://opensimulator.org/var/git/opensim (diff) | |
| download | opensim-SC_OLD-30c4aa55e6f18d153f164529a3435e44754c5352.zip opensim-SC_OLD-30c4aa55e6f18d153f164529a3435e44754c5352.tar.gz opensim-SC_OLD-30c4aa55e6f18d153f164529a3435e44754c5352.tar.bz2 opensim-SC_OLD-30c4aa55e6f18d153f164529a3435e44754c5352.tar.xz | |
Added additional configuration options for MRM Security. See OpenSim.ini.example under the [MRM] section.
| -rw-r--r-- | OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | 30 | ||||
| -rw-r--r-- | bin/OpenSim.ini.example | 22 |
2 files changed, 42 insertions, 10 deletions
diff --git a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs index 9042e0d..bf523dd 100644 --- a/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs +++ b/OpenSim/Region/OptionalModules/Scripting/Minimodule/MRMModule.cs | |||
| @@ -211,25 +211,39 @@ namespace OpenSim.Region.OptionalModules.Scripting.Minimodule | |||
| 211 | { | 211 | { |
| 212 | if (script.StartsWith("//MRM:C#")) | 212 | if (script.StartsWith("//MRM:C#")) |
| 213 | { | 213 | { |
| 214 | if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID | 214 | if (m_config.GetBoolean("OwnerOnly", true)) |
| 215 | || | 215 | if (m_scene.GetSceneObjectPart(localID).OwnerID != m_scene.RegionInfo.MasterAvatarAssignedUUID |
| 216 | m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) | 216 | || m_scene.GetSceneObjectPart(localID).CreatorID != m_scene.RegionInfo.MasterAvatarAssignedUUID) |
| 217 | return; | 217 | return; |
| 218 | 218 | ||
| 219 | script = ConvertMRMKeywords(script); | 219 | script = ConvertMRMKeywords(script); |
| 220 | 220 | ||
| 221 | try | 221 | try |
| 222 | { | 222 | { |
| 223 | m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + m_config.GetString("permissionLevel", "Internet") + "-level security."); | 223 | AppDomain target; |
| 224 | if (m_config.GetBoolean("Sandboxed", true)) | ||
| 225 | { | ||
| 226 | m_log.Info("[MRM] Found C# MRM - Starting in AppDomain with " + | ||
| 227 | m_config.GetString("SandboxLevel", "Internet") + "-level security."); | ||
| 224 | 228 | ||
| 225 | string domainName = UUID.Random().ToString(); | 229 | string domainName = UUID.Random().ToString(); |
| 226 | AppDomain target = CreateRestrictedDomain(m_config.GetString("permissionLevel", "Internet"), | 230 | target = CreateRestrictedDomain(m_config.GetString("SandboxLevel", "Internet"), |
| 227 | domainName); | 231 | domainName); |
| 232 | } | ||
| 233 | else | ||
| 234 | { | ||
| 235 | m_log.Info("[MRM] Found C# MRM - Starting in current AppDomain"); | ||
| 236 | m_log.Warn( | ||
| 237 | "[MRM] Security Risk: AppDomain is run in current context. Use only in trusted environments."); | ||
| 238 | target = AppDomain.CurrentDomain; | ||
| 239 | } | ||
| 228 | 240 | ||
| 241 | m_log.Info("[MRM] Unwrapping into target AppDomain"); | ||
| 229 | MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( | 242 | MRMBase mmb = (MRMBase) target.CreateInstanceFromAndUnwrap( |
| 230 | CompileFromDotNetText(script, itemID.ToString()), | 243 | CompileFromDotNetText(script, itemID.ToString()), |
| 231 | "OpenSim.MiniModule"); | 244 | "OpenSim.MiniModule"); |
| 232 | 245 | ||
| 246 | m_log.Info("[MRM] Initialising MRM Globals"); | ||
| 233 | InitializeMRM(mmb, localID, itemID); | 247 | InitializeMRM(mmb, localID, itemID); |
| 234 | 248 | ||
| 235 | m_scripts[itemID] = mmb; | 249 | m_scripts[itemID] = mmb; |
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index a1532c5..166f2c6 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
| @@ -1163,10 +1163,28 @@ | |||
| 1163 | 1163 | ||
| 1164 | 1164 | ||
| 1165 | [MRM] | 1165 | [MRM] |
| 1166 | ; Enables the Mini Region Modules Script Engine. WARNING: SECURITY RISK. | 1166 | ; Enables the Mini Region Modules Script Engine. |
| 1167 | ; default is false | 1167 | ; default is false |
| 1168 | Enabled = false | 1168 | Enabled = false |
| 1169 | 1169 | ||
| 1170 | ; Runs MRM in a Security Sandbox | ||
| 1171 | ; WARNING: DISABLING IS A SECURITY RISK. | ||
| 1172 | Sandboxed = true | ||
| 1173 | |||
| 1174 | ; The level sandbox to use, adjust at your OWN RISK. | ||
| 1175 | ; Valid values are: | ||
| 1176 | ; * FullTrust | ||
| 1177 | ; * SkipVerification | ||
| 1178 | ; * Execution | ||
| 1179 | ; * Nothing | ||
| 1180 | ; * LocalIntranet | ||
| 1181 | ; * Internet | ||
| 1182 | ; * Everything | ||
| 1183 | SandboxLevel = "Internet" | ||
| 1184 | |||
| 1185 | ; Only allow Region Owners to run MRMs | ||
| 1186 | ; May represent a security risk if you disable this. | ||
| 1187 | OwnerOnly = true | ||
| 1170 | 1188 | ||
| 1171 | [Hypergrid] | 1189 | [Hypergrid] |
| 1172 | ; Keep it false for now. Making it true requires the use of a special client in order to access inventory | 1190 | ; Keep it false for now. Making it true requires the use of a special client in order to access inventory |