[0.4.12-dev] Mod security

User avatar
Sokomine
Member
Posts: 4014
Joined: Sun Sep 09, 2012 17:31
GitHub: Sokomine

Re: [0.4.12-dev] Mod security

by Sokomine » Post

I still have that problem stated in my previous postings: My handle_schematics mod can't work properly. It is in part a filie browser. Its purpose is to save schematics (so far so good - no problem there) and to place schematics into the world (WorldEdit, .mts or even .schematic format). Those schematics can be found in the worldname/schems/ folder (placed there by WorldEdit) or in some gamename/mods/modname/schems/* folder (may vary a bit from mod to mod). In order for my mod to be able to supply players with a way to transfer a building from one map to another, they need to be able to select it somehow. And the mod needs to be able to actually *read* the schema file. Just telling people to copy it over does not seem to be a good idea. Neither is telling them to turn security off.

I'd be fine with an extra, simple, easy-to-understand-and-check mod that provides read access to directories (filename extensions .mts, .schematic, .we and .meta are required - the rest is of no intrest anyway) and that provides read access to those files. Said read access is only required for files which *another world* or *another mod* could read anyway. The files need to be readable without having to be opened in the init phase.
A list of my mods can be found here.

User avatar
sfan5
Moderator
Posts: 3892
Joined: Wed Aug 24, 2011 09:44
GitHub: sfan5
IRC: sfan5
Location: Germany

Re: [0.4.12-dev] Mod security

by sfan5 » Post

Please open an issue on Github so this isn't overlooked before the release.
Mods: Mesecons | WorldEdit | Nuke & Minetest builds for Windows (32-bit & 64-bit)

Lichtbringer
New member
Posts: 1
Joined: Fri Feb 24, 2017 21:36
In-game: Lichtbringer

Re: [0.4.12-dev] Mod security

by Lichtbringer » Post

do_evil_thing() needs to check the environment for which mod requested it and not which mod is running currently.

request_insecure_environment() needs to set "environment.mod = mod with this command in it's code" and prohibit further change in this instance of insecure_environment.

User avatar
KGM
Member
Posts: 191
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Post

How can i modify it on my computer?
is there a way to destroy it?
(if it's a lua file, where is it)
I HATE IT
(GOOD IDEA, BUT JUST ANNOYING IF IT CANT BE TURNED OFF IN MINETEST 4.1.6 Ubuntu (tried turn off, does not work : ((( )
Last edited by KGM on Tue May 08, 2018 18:06, edited 1 time in total.
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.

User avatar
Phoenixflo44
Member
Posts: 637
Joined: Fri Jul 28, 2017 15:01
In-game: Phoenixflo44
Location: Behind my PC, in Germany

Re: [0.4.12-dev] Mod security

by Phoenixflo44 » Post

not be as aggressive
+ Spoiler

User avatar
rubenwardy
Moderator
Posts: 6101
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: United Kingdom
Contact:

Re: [0.4.12-dev] Mod security

by rubenwardy » Post

KGM wrote:How can i modify it on my computer?
is there a way to destroy it?
(if it's a lua file, where is it)
I HATE IT
Write better code. The sandbox should never be disabled

User avatar
Phoenixflo44
Member
Posts: 637
Joined: Fri Jul 28, 2017 15:01
In-game: Phoenixflo44
Location: Behind my PC, in Germany

Re: [0.4.12-dev] Mod security

by Phoenixflo44 » Post

True, everyone has limited programming skills and so sometimes minetest doesn't want to be
+ Spoiler

User avatar
KGM
Member
Posts: 191
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Post

@ rubenwardy: but its annoying if you can't disable it on your computer,
i tried to write senseful clientmod for me alone, didn't work, no os.execute, disable mod security also not work, says disabled, still no execute!
plz anyone tell me how kill it so it doesn't bother me again?
Last edited by KGM on Tue May 08, 2018 18:10, edited 1 time in total.
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.

User avatar
rubenwardy
Moderator
Posts: 6101
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: United Kingdom
Contact:

Re: [0.4.12-dev] Mod security

by rubenwardy » Post

You can't disable security on the client API as that's a massive security risk, the client API isn't designed for what you want to do

User avatar
KGM
Member
Posts: 191
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Post

just why, my computer had a price of 40 €, there is also no really sensitive data, why can't i take that risk?

(may there be a way to corrupt minetest core files in a way security breaks? any help appreciat.)
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.

User avatar
Krock
Developer
Posts: 4504
Joined: Thu Oct 03, 2013 07:48
GitHub: SmallJoker
Location: Switzerland
Contact:

Re: [0.4.12-dev] Mod security

by Krock » Post

KGM wrote:i tried to write senseful clientmod for me alone, didn't work, no os.execute, disable mod security also not work, says disabled, still no execute!
plz anyone tell me how kill it so it doesn't bother me again?
This is for real a very surprising mentality, however, you can use the following steps to get the CSM security away:

1) Open minetest_source_code/src/script/scripting_client.cpp
2) Comment our or remove the line " initializeSecurityClient(); "
3) Compile Minetest
4) ???
5) Profit.

Without security, the (client) mods can remove, corrupt, overwrite or encrypt all of the files to which you as user have access to. You can get the maximal destruction potential out of it by running Minetest as root or administrator (Windows).
Before you're asking for a setting to disable the security: We simply cannot make for each and every feature a setting to disable it. It might look different if tens of people would request such a setting - but not in single cases.
Look, I programmed a bug for you. >> Mod Search Engine << - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>

User avatar
KGM
Member
Posts: 191
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Post

THX very much!
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.

Locked

Who is online

Users browsing this forum: No registered users and 2 guests