[Opensim-dev] Critical plugin check?

Ryan McDougall sempuki1 at gmail.com
Thu Jun 19 01:09:10 UTC 2008 

On Wed, 2008-06-18 at 17:55 -0400, Sean Dague wrote:
> On Wed, Jun 18, 2008 at 01:49:35PM -0700, Kyle Hamilton wrote:
> > I think that there's something a bit worrisome about this idea.
> > 
> > What if the server were hacked such that, say, a money-management
> > module was substituted?  (Remember, most attacks are not from people
> > outside the organization, but rather inside the organization.  If some
> > disgruntled sysadmin decided to start playing around with the economy,
> > it might be extremely damaging and destroy a lot of confidence in the
> > economy -- which would have the effect of making the economy
> > unsustainable, since economies that aren't backed by real value [such
> > as gold] only exist by virtue of economic-participant confidence.)
> 
> If you have physical access to the server, all bets are off.  They could
> just as easily fiddle db numbers as load a new module.  You can't
> protect yourself from people who can log into you box and get a shell.
> 
> When looking at rework of the plugin approach, I'd suggest that we
> standardize on Mono Addins, and build from there.  Right now we've got 3
> or 4 different loaders, and all the custom different loaders we wrote
> don't seem to gain us much over just using addins.
> 
>     -Sean

So consensus is:

- Its basically a good idea with no real objections?

- There should be a list of Criticial Modules given in OpenSim.ini, with
the rest being loaded if available?

What should this list look like? "critical_modules=foo.dll,bar.dll,..."?
Or is there a better way to go?

- What is the best way to gracefully fail? Has anyone thought of failure
modes or failure strategies?

I'm looking for your advice knowing well the architecture of OpenSim --
especially those who are running grids. Is there anything that needs to
be handled in such a system to avoid doing any damage whatsoever to the
grid.

For example if a grid server goes down due to missing plugin, should it
notify UAIR servers?

- What is the most appropriate form of notification in practice?

Email comes to mind, but perhaps we can do better than that...

Cheers,

More information about the Opensim-dev mailing list