[Opensim-dev] Critical plugin check?

Ryan McDougall sempuki1 at gmail.com
Mon Jun 23 04:34:03 UTC 2008 

On Thu, 2008-06-19 at 08:53 -0400, Sean Dague wrote:
> On Thu, Jun 19, 2008 at 10:09:10AM +0900, Ryan McDougall wrote:
> > 
> > On Wed, 2008-06-18 at 17:55 -0400, Sean Dague wrote:
> > > On Wed, Jun 18, 2008 at 01:49:35PM -0700, Kyle Hamilton wrote:
> > > > I think that there's something a bit worrisome about this idea.
> > > > 
> > > > What if the server were hacked such that, say, a money-management
> > > > module was substituted?  (Remember, most attacks are not from people
> > > > outside the organization, but rather inside the organization.  If some
> > > > disgruntled sysadmin decided to start playing around with the economy,
> > > > it might be extremely damaging and destroy a lot of confidence in the
> > > > economy -- which would have the effect of making the economy
> > > > unsustainable, since economies that aren't backed by real value [such
> > > > as gold] only exist by virtue of economic-participant confidence.)
> > > 
> > > If you have physical access to the server, all bets are off.  They could
> > > just as easily fiddle db numbers as load a new module.  You can't
> > > protect yourself from people who can log into you box and get a shell.
> > > 
> > > When looking at rework of the plugin approach, I'd suggest that we
> > > standardize on Mono Addins, and build from there.  Right now we've got 3
> > > or 4 different loaders, and all the custom different loaders we wrote
> > > don't seem to gain us much over just using addins.
> > > 
> > >     -Sean
> > 
> > So consensus is:
> > 
> > - Its basically a good idea with no real objections?
> > 
> > - There should be a list of Criticial Modules given in OpenSim.ini, with
> > the rest being loaded if available?
> > 
> > What should this list look like? "critical_modules=foo.dll,bar.dll,..."?
> > Or is there a better way to go?
> 
> Please look at Addins instead.  That would probably mean *not* being in
> OpenSim.ini, but in the addins config.
> 
>     -Sean
> 

Im looking at Mono.Addins right now, but if you have a particular idea,
it would probably save me a lot of time having to rediscover what you're
thinking of from upstream docs.

Cheers,

More information about the Opensim-dev mailing list