[Opensim-dev] Critical plugin check?

Sean Dague sean at dague.net
Thu Jun 19 12:53:32 UTC 2008 

On Thu, Jun 19, 2008 at 10:09:10AM +0900, Ryan McDougall wrote:
> 
> On Wed, 2008-06-18 at 17:55 -0400, Sean Dague wrote:
> > On Wed, Jun 18, 2008 at 01:49:35PM -0700, Kyle Hamilton wrote:
> > > I think that there's something a bit worrisome about this idea.
> > > 
> > > What if the server were hacked such that, say, a money-management
> > > module was substituted?  (Remember, most attacks are not from people
> > > outside the organization, but rather inside the organization.  If some
> > > disgruntled sysadmin decided to start playing around with the economy,
> > > it might be extremely damaging and destroy a lot of confidence in the
> > > economy -- which would have the effect of making the economy
> > > unsustainable, since economies that aren't backed by real value [such
> > > as gold] only exist by virtue of economic-participant confidence.)
> > 
> > If you have physical access to the server, all bets are off.  They could
> > just as easily fiddle db numbers as load a new module.  You can't
> > protect yourself from people who can log into you box and get a shell.
> > 
> > When looking at rework of the plugin approach, I'd suggest that we
> > standardize on Mono Addins, and build from there.  Right now we've got 3
> > or 4 different loaders, and all the custom different loaders we wrote
> > don't seem to gain us much over just using addins.
> > 
> >     -Sean
> 
> So consensus is:
> 
> - Its basically a good idea with no real objections?
> 
> - There should be a list of Criticial Modules given in OpenSim.ini, with
> the rest being loaded if available?
> 
> What should this list look like? "critical_modules=foo.dll,bar.dll,..."?
> Or is there a better way to go?

Please look at Addins instead.  That would probably mean *not* being in
OpenSim.ini, but in the addins config.

    -Sean

-- 
__________________________________________________________________

Sean Dague                                       Mid-Hudson Valley
sean at dague dot net                            Linux Users Group
http://dague.net                                 http://mhvlug.org

There is no silver bullet.  Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080619/692bca03/attachment-0001.pgp>

More information about the Opensim-dev mailing list