[Opensim-dev] Adding an assembly reference to make available via script
J Lothian
rhalin at gmail.com
Sat May 29 20:20:29 UTC 2010
On Fri, May 28, 2010 at 11:44 AM, Justin Clark-Casey <
jjustincc at googlemail.com> wrote:
> J Lothian wrote:
>
>> I'm not so sure that the current setup includes the System namespace. The
>> only assembly, other than the OpenSim specific ones, that is loaded is
>> System.Collections.Generic. I had to add System before I could even use
>> Exceptions, which seems to indicate that only parts of System that are
>> pulled in are the parts used by the other assemblies that are loaded.
>>
>
> Actually, one can still use other classes just fine if they are referenced
> by their full names. For example, my script
>
> //c#
> // justincc's short test script
>
> string message = "Hello avatar!";
> string xml = "<tag>ribbit</tag>";
>
> public void default_event_state_entry()
> {
> llSay(0, message);
> }
>
> public void default_event_touch_start(
> LSL_Types.LSLInteger total_number)
> {
> System.IO.StringReader sr
> = new System.IO.StringReader(xml);
> System.Xml.XmlTextReader reader
> = new System.Xml.XmlTextReader(sr);
>
> llSay(0, reader.ReadElementString("tag"));
> }
>
> works just fine on OpenSim Git master with no alterations other than
> allowing cs scripts.
>
>
Ah, forgot that you could type out the entire assembly heirarchy to get
there. Kind of scary that users can get to System.IO that easily, but at
least with a proper linux user running mono and a few other precautions,
potential damage could be minimized.
>
> Melanie's response (which I mostly agree with) is why I didn't post it on
>> the Wiki. This isn't something the average user (specifically OpenGrid
>> users) should probably be doing. But rather than saying "absolutely not", I
>> have to wonder if there's some reasonable middle ground that can do the job
>> of both 1) protecting the average installation from arbitrary library code
>> inclusion/execution, and 2) allowing an easier way to include that facility,
>> for users that -do- need it, as a way for others to make OpenSim more
>> flexible.
>>
>
> To be honest, I don't think the average user looks on the development
> section of the wiki anyway :). Also, none of this stuff is available unless
> the region operator specifically allows c# scripts. I would really like to
> see this documentation over there along with security warnings about using
> c# scripts at all.
>
> But the real solution could be to properly sandbox scripts. I know that
> there was some discussion about this a long time ago and there's some good
> technical reason why it's not possible yet, but I can't remember what that
> is.
>
>
No problem then, I can get this up and documented over the next couple days
when I get a free moment, complete with some nice warnings.
I may have an idea why sandboxing isn't very easy, at least using the
standard tools. In .Net, there is the Code Access Security feature, which
admittedly, I'm fairly unfamiliar with, but I -think- it allows you to wrap
blocks of code to require certain permission levels to execute, and possibly
limit library access. Under windows and .Net, these might work, but they
are officially "unsupported" in mono, and it looks like the mono project has
abandoned efforts to implement them. And even under windows, I would guess
that it takes the "user" as being the authenticated windows user that
executed the server, not the remote OpenSim user compiling/executing the
script.
More complex sandboxing would probably a huge project in itself involving
parsing or catching calls to specific functions, which is probably much
beyond the scope of OpenSim.
>
> Compile-time isn't a show-stopper, but something that makes the process
>> easier, like a module, or something in the build system/environment like an
>> "scriptengine_additional_libraries" variable might be handy. Basically,
>> narrowing down a potential point of failure to one place, instead of three.
>> Thanks again though, my team here really appreciates all the hard work
>> you all put into this.
>>
>
> Many thanks Jeremy, I'm sure from all of us.
> Be very interested to know what your team are using OpenSim for, though I
> appreciate that might not be possible if the work isn't in the open.
>
>
I'm a graduate student working with a research team at Penn State University
(details here: http://isee.ist.psu.edu/). Basically, we're developing
learning modules within Second Life to teach topics in computer and network
security. Working in SecondLife has brought up many limitations along the
way that has slowed development quite a bit, not to mention the costs
involved.
So, we've been working on re-implementing some of our modules in OpenSim,
and considering it for ongoing/future development. Getting this item
working has already sped up development a bit, the next hurdle is getting
the XmlRpcGroups module working without disabling our ability to login, but
thats a topic for another thread when I have more time to look into it...
Thanks again,
--Jeremy Lothian
> Best,
>
> Justin.
>
> --Jeremy Lothian
>>
>>
>> On Thu, May 27, 2010 at 8:11 PM, Justin Clark-Casey <
>> jjustincc at googlemail.com <mailto:jjustincc at googlemail.com>> wrote:
>>
>> Melanie wrote:
>>
>> A generic means to add extra libs would be highly DANGEROUS. It
>> definitely needs to be compile-time. Probably has to be, anyway,
>> from the way the scripts work.
>>
>>
>> C# scripts are insecure anyway since anybody who can create them has
>> access to the System namespaces. They are still useful in contexts
>> where script creation and editing are restricted or all parties are
>> highly trusted.
>>
>>
>>
>> Melanie
>>
>> Justin Clark-Casey wrote:
>>
>> J Lothian wrote:
>>
>> Justin,
>> Thanks for pointing me in a direction, this was -very-
>> helpful. It wasn't nearly as straightforward as I was
>> expecting, but it did give me the opportunity/excuse to
>> get my hands dirty and dig into the projects and code a
>> bit. I'm going to document the process a bit here, so
>> it gets archived for future reference. I'm pretty sure
>> I've narrowed down the steps needed.
>> The actual project that needs the assembly reference
>> added to it is
>> OpenSim.Region.ScriptEngine.Shared.CodeTools, but this
>> is just the start. This gets the assembly detectable by
>> the compiler. The next step is adding the reference to
>> the script being compiled. In
>> OpenSim.Region.ScriptEngine.Shared.CodeTools.Compiler
>> (Compiler.cs), in the function CompileFromDotNetText,
>> there is a section where ReferencedAssemblies are added
>> to the compiler as parameters, and the assembly needs to
>> be added here as well. For example, to add a standard
>> library, the following line would be used:
>> parameters.ReferencedAssemblies.Add("System.dll");
>> Which, it turns out, I needed to do, as System.dll
>> isn't added by default, and our test script included a
>> try/catch where Exception was not detected as a type.
>> To add something like the MySql dll that comes with
>> OpenSim, it would look like this:
>>
>> parameters.ReferencedAssemblies.Add(
>>
>> Path.Combine(rootPath,"MySql.Data.dll"));The script
>> engine automatically wraps scripts in boilerplate code
>> to put them inside a class and make them compilable.
>> This has the side-effect of making "using" or "import"
>> statements inside scripts impossible, so these also need
>> to be added to the code. For example, if your script is
>> C#, then the function to alter is CreateCSCompilerScript
>> (in the same Compile.cs), adding the using statement to
>> the list inside this function.
>> If I get the chance later this summer, I may try to
>> develop a more robust system that attempts to (at the
>> very least) detect the default mono/.net libraries and
>> automatically adjust this boilerplate to include them...
>> Again, thanks for the help!
>>
>> Glad that was of some use! Would very much look forward to
>> a boilerplate adjuster - being able to include extra
>> libraries from OpenSim C# 'scripts' would be really useful.
>>
>> Also, it would be great if you could copy the above into a
>> new wiki page off
>>
>> http://opensimulator.org/wiki/Developer_Documentation#Scripting.
>> Things tend to stay a little bit more visible there. Thanks!
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>>
>>
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
>>
>> -- Justin Clark-Casey (justincc)
>> http://justincc.org <http://justincc.org/>
>>
>> http://twitter.com/justincc
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
>>
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>
>
> --
> Justin Clark-Casey (justincc)
> http://justincc.org
> http://twitter.com/justincc
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20100529/3b08820e/attachment-0001.html>
More information about the Opensim-dev
mailing list