Mantis Bug Tracker

ID: 0002610
Project: opensim
Category: [REGION] Scripting Engine
View Status: public
Date Submitted: 2008-11-12 11:12
Last Update: 2009-09-18 07:37
Reporter: jhurliman
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: acknowledged
Resolution: open
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0002610: Scripts cannot be safely sandboxed until unsafe code is moved out of the shared script libraries

Description: Properly sandboxing scripts is not possible until all of the code loaded into script AppDomains is safe. Currently, remoting and other things are happening in OpenSim.Region.ScriptEngine.Shared.Api.Runtime.dll which prevents the script AppDomain from being properly locked down. All code that is not allowed by the "Internet" policy should be moved into the OpenSim.exe AppDomain. (see additional information for the permission set of that policy)

Additional Information: An example exception:

System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
   at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
   at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
   at System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Assembly asm, SecurityAction action)
   at OpenSim.Region.ScriptEngine.Shared.ScriptBase.ScriptBaseClass.InitializeLifetimeService()
   at System.Runtime.Remoting.Lifetime.LeaseLifeTimeServiceProperty.GetObjectSink(MarshalByRefObject obj, IMessageSink nextSink)
   at System.Runtime.Remoting.Contexts.Context.CreateServerObjectChain(MarshalByRefObject serverObj)
   at System.Runtime.Remoting.ServerIdentity.GetServerObjectChain(MarshalByRefObject& obj)
   at System.Runtime.Remoting.RemotingServices.MarshalInternal(MarshalByRefObject Obj, String ObjURI, Type RequestedType, Boolean updateChannelData)
   at System.Runtime.Serialization.ObjectCloneHelper.GetObjectData(Object serObj, String& typeName, String& assemName, String[]& fieldNames, Object[]& fieldValues)

   at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)
   at OpenSim.Region.ScriptEngine.DotNetEngine.AppDomainManager.LoadScript(String FileName, AppDomain& ad) in C:\\Code\\OpenSim\\trunk\\OpenSim\\Region\\ScriptEngine\\DotNetEngine\\AppDomainManager.cs:line 191
   at OpenSim.Region.ScriptEngine.DotNetEngine.ScriptManager._StartScript(UInt32 localID, UUID itemID, String Script, Int32 startParam, Boolean postOnRez) in C:\\Code\\OpenSim\\trunk\\OpenSim\\Region\\ScriptEngine\\DotNetEngine\\ScriptManager.cs:line 164
The action that failed was:
LinkDemand
The type of the first permission that failed was:
System.Security.Permissions.SecurityPermission
The first permission that failed was:
<IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Flags=\"Infrastructure\"/>

The demand was for:
<PermissionSet class=\"System.Security.PermissionSet\"
version=\"1\">
<IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Flags=\"Infrastructure\"/>
</PermissionSet>

The granted set of the failing assembly was:
<PermissionSet class=\"System.Security.PermissionSet\"
version=\"1\">
<IPermission class=\"System.Security.Permissions.FileDialogPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Access=\"Open\"/>
<IPermission class=\"System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Allowed=\"ApplicationIsolationByUser\"
UserQuota=\"512000\"/>
<IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Flags=\"Execution\"/>
<IPermission class=\"System.Security.Permissions.UIPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Window=\"SafeTopLevelWindows\"
Clipboard=\"OwnClipboard\"/>
<IPermission class=\"System.Security.Permissions.UrlIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Url=\"file:///C:/Code/OpenSim/trunk/bin/OpenSim.Region.ScriptEngine.Shared.Api.Runtime.DLL\"/>
<IPermission class=\"System.Security.Permissions.ZoneIdentityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"
version=\"1\"
Zone=\"MyComputer\"/>
<IPermission class=\"System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a\"
version=\"1\"
Level=\"SafePrinting\"/>
</PermissionSet>

The assembly or AppDomain that failed was:
OpenSim.Region.ScriptEngine.Shared.Api.Runtime, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
The Zone of the assembly that failed was:
MyComputer
The Url of the assembly that failed was:
file:///C:/Code/OpenSim/trunk/bin/OpenSim.Region.ScriptEngine.Shared.Api.Runtime.DLL

Tags: No tags attached.
Git Revision or version number:
Run Mode: Standalone (1 Region), Standalone (Multiple Regions), Grid (1 Region per Sim), Grid (Multiple Regions per Sim)
Physics Engine: BasicPhysics, PhysicsOfSimplicity, ODE, BulletX, PhysX, Other
Script Engine:
Environment: Mono / Linux32, Mono / Linux64, Mono / Windows, Mono / OSX, .NET / Windows32, .NET / Windows64
Mono Version:
Viewer:
Attached Files:

Relationships

Notes
(0007088)
melanie (administrator)
2008-11-12 17:20

Without that lifetime stuff, the script expires. So I don't know how to resolve that.

(0007309)
justincc (administrator)
2008-11-25 06:02

jhurliman, I know you had some test code for this (when it made it into some of the libomv update patches). Any chance you could attach that as a patch to this mantis in case other people are able to work on this?

(0007329)
jhurliman (manager)
2008-11-25 14:16

I don't have the original patch I made, although part of it should be in OpenSim SVN history. The code is fairly straightforward to write; more information here: http://msdn.microsoft.com/en-us/library/bb763046.aspx
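
A minimal locked-down AppDomain of the kind this issue asks for, as an added example that is not OpenSim code and not the reporter's original patch. It targets the .NET Framework; `SandboxProbe`, `SandboxDemo`, the `ScriptSandbox` domain name and the Execution-only grant set (a narrower stand-in for the "Internet" set) are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for a script object; it runs inside the sandboxed AppDomain
// and deliberately does not override InitializeLifetimeService().
public class SandboxProbe : MarshalByRefObject
{
    // True only if code in this domain holds SecurityPermission "Infrastructure",
    // the permission whose LinkDemand failed in the trace above.
    public bool HasInfrastructure()
    {
        try { new SecurityPermission(SecurityPermissionFlag.Infrastructure).Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    // True only if code in this domain is allowed to read the given file.
    public bool CanRead(string path)
    {
        try { File.ReadAllText(path); return true; }
        catch (SecurityException) { return false; }
    }
}

public static class SandboxDemo
{
    public static void Main()
    {
        // Assumed grant set: permission to execute and nothing else.
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        AppDomainSetup setup = new AppDomainSetup();
        // Demo only: a real host points ApplicationBase at a directory that holds
        // nothing but the untrusted assemblies, separate from the host's own.
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

        // No full-trust list is passed, so non-GAC assemblies get only 'grant'.
        AppDomain sandbox = AppDomain.CreateDomain("ScriptSandbox", null, setup, grant);
        try
        {
            SandboxProbe probe = (SandboxProbe)sandbox.CreateInstanceAndUnwrap(
                typeof(SandboxProbe).Assembly.FullName, typeof(SandboxProbe).FullName);
            Console.WriteLine("Infrastructure granted: " + probe.HasInfrastructure());
            Console.WriteLine("File read allowed: " + probe.CanRead(typeof(SandboxProbe).Assembly.Location));
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```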

Issue History
Date Modified Username Field Change
2008-11-12 11:12 jhurliman New Issue
2008-11-12 11:12 jhurliman SVN Revision => 7267
2008-11-12 11:12 jhurliman Run Mode => Standalone (1 Region) , Standalone (Multiple Regions) , Grid (1 Region per Sim) , Grid (Multiple Regions per Sim)
2008-11-12 11:12 jhurliman Physics Engine => BasicPhysics, PhysicsOfSimplicity, ODE, BulletX, PhysX, Other
2008-11-12 11:12 jhurliman Environment => Mono / Linux32, Mono / Linux64, Mono / Windows, Mono / OSX, .NET / Windows32, .NET / Windows64
2008-11-12 17:20 melanie Note Added: 0007088
2008-11-25 06:02 justincc Note Added: 0007309
2008-11-25 14:16 jhurliman Note Added: 0007329
2009-09-18 07:37 Fly-Man- Status new => acknowledged

