C# coding in OpenSim

Summary (ed.): what is essentially required, as a quick and simple fix, is to introduce an option that restricts the use of C# scripts to owners, region managers or specified UUIDs only. This is already in place for os* functions, as well as for MRMs (although the latter are in a sense obsolete because they are unlikely to see any further development).

There are three ways to code in C# in OpenSim, starting with the hardest first:

(1) Region modules

Basically, you are writing and compiling new parts of OpenSim, either as add-on modules or as patches that you have submitted to the code base (which might or might not end up incorporated into the release). I’m not going to focus on these here.

(2) Mini Region Modules

These are interesting but sadly incomplete.

Developed by Adam Frisby before he stopped developing for OpenSim, there remain certain problems but one major advantage. The advantage is this:

[MRM]
Enabled = true
OwnerOnly = true

Thus it is possible to make these relatively secure. Although MRM scripts can access dangerous instructions that can do basically anything on your server, you can limit them so that only the region owner (not, sadly, the other god agents etc) can run them, i.e. you, while other users of the sim cannot.

The disadvantages are twofold. The first is that MRM scripts cannot be deleted from the inventory of objects. They continue running even if they are deleted, i.e. the compiled version cannot be removed. I am not completely confident that it is removed even if you delete the object too, from experience, until such time as the region is restarted. The second problem is that MRM is no longer being actively developed. That means that over time there may develop increasing problems if it conflicts with other code. No bugs or memory leaks are being worked on, nor is better security being developed.

There was a variant called XMRM developed by John McCaffery. This enabled scripts to be compiled as DLLs outside OpenSim and then called from within. All you had to do was compile one region module and that was it. However, it is not as accessible for entry-level programmers making the transition from LSL/OSSL. It can’t be done in the viewer.

(3) C# code

This is also interesting but has more problems.

One the one hand, it’s easy to enable and it will work. LSL is compiled into C#/Mono bytecode, so this will always be a good way of coding. On the negative side, once you enabled it, you have the same security problems on your server that were described for MRMs. You can, of course, allow only the god agents etc to run any scripts, but that will prevent any HUD scripts, vehicles etc working for any other avatar. Clearly this is not ideal. What you cannot do, unlike for MRMs, is allow only the region owner (or god agents etc) to run C# scripts while allowing LSL/OSSL scripts for everybody else.

Summary

What is needed immediately is more granular controls over who can run which type of script that has been enabled. Better security like threat levels, restriction of system instructions etc could be added later, as it would take far more work. It does now look as if nobody will take up MRMs, so they are effectively dead. This is a shame because they are so powerful and useful within OpenSim. I really think it would be great if they were revived. Currently we are in a bit of a bind: you can’t use MRMs because of the compiling/deleting problems, but C# scripts can’t be made secure without crippling the usability of the region for other avatars.

Advertisements
Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: