423 posts
AfterLifeLochie's "Dungeon", Australia
Posted 09 November 2012 - 12:37 AM
Because Oddstr13 asked me to do this….
ALLBIOS, aptly named, is a BIOS replacement for ComputerCraft that closes some potentially problematic security holes (of which I've observed in CC 1.41). This includes protection over the top of system tables (as well as configurable exceptions), dump protection, file-system "/.sys/" directory (for BIOS crashdumps and other error logging), Rednet anti-spam, HTTP
Please note this is a BIOS replacement; you cannot save this as a startup script. I strongly advise you backup your original "bios.lua" file, should you wish to (or need to), switch back to the classic BIOS.
You can grab the latest (and mess around with it) at http://cdn.afterlife...=allbios-latest. It's under a "do what you want, as long as you keep the header intact and don't sell it, take credit, etc" license, so you're welcome to butcher it to an inch of it's digital life if you so please. :P/>/>
I've tested this on CC 1.41 and had no issues, however, I've yet to do extensive tests with CC 1.46. (Feel free to send me bug reports, which can be obtained from "/computer/<pc-id>/.sys/error.log" by default).
ALLBIOS, aptly named, is a BIOS replacement for ComputerCraft that closes some potentially problematic security holes (of which I've observed in CC 1.41). This includes protection over the top of system tables (as well as configurable exceptions), dump protection, file-system "/.sys/" directory (for BIOS crashdumps and other error logging), Rednet anti-spam, HTTP
Please note this is a BIOS replacement; you cannot save this as a startup script. I strongly advise you backup your original "bios.lua" file, should you wish to (or need to), switch back to the classic BIOS.
You can grab the latest (and mess around with it) at http://cdn.afterlife...=allbios-latest. It's under a "do what you want, as long as you keep the header intact and don't sell it, take credit, etc" license, so you're welcome to butcher it to an inch of it's digital life if you so please. :P/>/>
I've tested this on CC 1.41 and had no issues, however, I've yet to do extensive tests with CC 1.46. (Feel free to send me bug reports, which can be obtained from "/computer/<pc-id>/.sys/error.log" by default).
- Errors that the BIOS throws to the computer, such as "too much rednet spam" or "cannot alter protected table", etcetera, get appended at the end of the syslog.
- If the BIOS throws back an exception that creates a STOP condition (ie, one that I've set to trigger), it probably won't make it to the syslog, as it's something the BIOS can't recover (or just ignore). Generally these errors have verbose "additional details". Should you wish to turn them off, you can modify "doBiosStop" and remove the "Additional Data" section.
- The syslog file isn't flushed at any point; you should write a server-side script or something to remove them (or, totally disable the syslog in the function "maskedError" (the error provider).
- Please be aware that the syslog and the "/.sys" directory are counted towards "disk use"; if you impose computer and disk space limits, please be cautious to remove these files, or, scrape them and dispose them as needed.
Spoiler
BIOS 1.3.3 (CraftOS 1.4):- Addition of HTTP restricting and blocking of sites;
- Inclusion of a list of malicious sites, Dropbox accounts and other common virus hosting locations;
- Moved code into a modular system, meaning, anyone can grab a module and install it either individually or the entire module set;
- Ability to change "Violation Level Exceeded" crash level ("no-crash", "error", "bios-stop", "shutdown"). All options are pretty self-explanatory, I implemented this as some scripts ran inside pcall()'s, meaning they'd just ignore VL errors and try again (and again, and again…);
- Started implementation of HTTP logging; HTTP log written to /.sys/http.log;
- First public release; support for anti-rednet-spam as well as general protection routines.
- Anti-global-coroutine alteration code confirmed functional.
