108 posts
Posted 26 September 2012 - 05:41 AM
At the moment, several native lua functions are disabled, obviously for security reasons, I would like the disabling of these apis to be a config option, and not something hard-coded into the mod. I know for a fact this is fully possible, the "luajava" api could be enabled through the config once upon a time, and I'm hoping that I'll be able to enable the native "debug" api as well.
510 posts
Posted 26 September 2012 - 06:25 AM
I don't think the luajava api should ever be enabled. And they're moving away from luaj anyways, so it will not be available. The debug api would be nice, but it would also allow for some dirty hacks, as all computers are running in one luastate atm…
108 posts
Posted 26 September 2012 - 06:33 AM
The debug api would allow for some dirty hacks, without some modification, that's why I want it to be a config option like the http api. Along with the debug api, things like the package api should also be enable-able. Also, I'm pretty sure the computers run it diffrent lua states, otherwise computers could access each other's global variables.
2447 posts
Posted 26 September 2012 - 09:06 AM
They all run in separate coroutines, and have their own global table.
Anyway this is not going to happen. luajava was disabled due to the security risks intentionally (it WAS a config option earlier).
For consistency purpose we wouldn't allow changing the option on a client unless you can also do it on the server - and no way are we allowing debug library on the server. The whole point of a sandbox is to prevent people from breaking out of it - and there are security risks (unrestricted io access anyone?) that would come from allowing this.
108 posts
Posted 26 September 2012 - 06:40 PM
I realize there are security, but I don't see the issue if server owners only turn it on if they trust everyone on the server, or if they modify it to limit its abilities. I would modify mine to prevent escaping the sandbox, kinda like how I modified my http api to prevent access to the local network.
2447 posts
Posted 26 September 2012 - 07:07 PM
I'm against offering config options about things that shouldn't be configurable. If people want to decompile the code for their own use to stop the removal of the API's, they are free to - just don't distribute it.
35 posts
Posted 27 September 2012 - 03:37 AM
If luajava isn't going to be available even for custom in-house everyone-is-friends servers, could you provide an API to register lightweight functional-only turtle upgrades?
I'd like to make a CC program that reads a skin file and builds a statue, but it doesn't work because javax.imageio.ImageIO isn't available from within CC, and it's really hard to write a PNG reader in Lua.
It seems excessive to have to register a Turtle Upgrade Id and create an entire forge mod, just to access javax.imageio.ImageIO.
I understand you don't want to allow the boiling of oceans, but I personally have to trust that Computer Craft isn't going to boil my ocean, so it's not hard for me to also trust that I won't boil my own oceans, or allow ocean boilers to log into my server.
If it was a public server that's different, and in that case yes I'd say you need a tighter sandbox. Thus the config option.
871 posts
Posted 27 September 2012 - 05:27 AM
if you make it a config option, tons of people who don't know any better will say "that's an awesome feature, I'm'a gonna make a public server on my pc in my parents basement and enable it." What happens next is obvious, and yes, in a sense it's their own fault, but they're gonna blame dan and cloudy, and the general result is it will hurt the mod's reputation as a whole.
It's not gonna happen. Hack it in if you really want it so much, but in the official release, it's not gonna happen.
105 posts
Posted 27 September 2012 - 06:50 AM
Also, by the mere fact that the option exists, people are likely to see it and enter "Oh noes, your mod is a security risk!!!eleventyone" mode
35 posts
Posted 28 September 2012 - 04:57 PM
Could we get an official submod then called "Enable Security Risks"?
I'm basically coding a peripheral right now that does:
return newInstance(arg0);
and
arg1.getMethod(arg2).invoke(arg3…);
3790 posts
Location
Lincoln, Nebraska
Posted 28 September 2012 - 06:23 PM
I don't think that this should be ever made or distributed. If I wanted someone to have unrestricted access to my server files, I would give them the rcon password. There's easier ways to destroy a computer.
35 posts
Posted 08 October 2012 - 10:51 PM
Well, given it's all of 10 lines of code, anyone can make the mod.
If someone asks you to install the 'Root The Server Peripheral' peripheral mod, don't do it.
1054 posts
Posted 09 October 2012 - 12:12 AM
First of, I made a mod (not yet published) that registers custom LUA api's written in java to CC. So with some effort, it is possible. Second, if you really want it, just write a PNG parser. It's not easy, but possible.
2217 posts
Location
3232235883
Posted 09 October 2012 - 01:23 AM
:D/>/> sounds like an awesome idea, the mod devs HATE adding new things even if they are a good idea
im going to make a minecraft region editor that replaces all the water to lava
2447 posts
Posted 09 October 2012 - 11:10 AM
:D/>/> sounds like an awesome idea, the mod devs HATE adding new things even if they are a good idea
Yep that's why we're not adding colour screens, not adding mouse support, not adding PDA's, not adding turtle.transfer() and not improving turtle.compare() right?
Think before you post.
Anyway a big part of this mod is consistency between client and server and between servers - we aren't going to do anything that could jeapordize server security - many people won't realise the implication of enabling such options. 99% of people won't even know how to use the API's anyway, and the 1% who do can easily work round it anyway.