Page 2 of 2

Re: [0.4.12-dev] Mod security

Posted: Tue Nov 29, 2016 20:27
by Sokomine
I still have that problem stated in my previous postings: My handle_schematics mod can't work properly. It is in part a filie browser. Its purpose is to save schematics (so far so good - no problem there) and to place schematics into the world (WorldEdit, .mts or even .schematic format). Those schematics can be found in the worldname/schems/ folder (placed there by WorldEdit) or in some gamename/mods/modname/schems/* folder (may vary a bit from mod to mod). In order for my mod to be able to supply players with a way to transfer a building from one map to another, they need to be able to select it somehow. And the mod needs to be able to actually *read* the schema file. Just telling people to copy it over does not seem to be a good idea. Neither is telling them to turn security off.

I'd be fine with an extra, simple, easy-to-understand-and-check mod that provides read access to directories (filename extensions .mts, .schematic, .we and .meta are required - the rest is of no intrest anyway) and that provides read access to those files. Said read access is only required for files which *another world* or *another mod* could read anyway. The files need to be readable without having to be opened in the init phase.

Re: [0.4.12-dev] Mod security

Posted: Wed Nov 30, 2016 09:47
by sfan5
Please open an issue on Github so this isn't overlooked before the release.

Re: [0.4.12-dev] Mod security

Posted: Fri Feb 24, 2017 22:54
by Lichtbringer
do_evil_thing() needs to check the environment for which mod requested it and not which mod is running currently.

request_insecure_environment() needs to set "environment.mod = mod with this command in it's code" and prohibit further change in this instance of insecure_environment.

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 17:46
by KGM
How can i modify it on my computer?
is there a way to destroy it?
(if it's a lua file, where is it)
I HATE IT
(GOOD IDEA, BUT JUST ANNOYING IF IT CANT BE TURNED OFF IN MINETEST 4.1.6 Ubuntu (tried turn off, does not work : ((( )

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 17:50
by Phoenixflo44
not be as aggressive

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 17:54
by rubenwardy
KGM wrote:How can i modify it on my computer?
is there a way to destroy it?
(if it's a lua file, where is it)
I HATE IT
Write better code. The sandbox should never be disabled

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 17:57
by Phoenixflo44
True, everyone has limited programming skills and so sometimes minetest doesn't want to be

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 18:08
by KGM
@ rubenwardy: but its annoying if you can't disable it on your computer,
i tried to write senseful clientmod for me alone, didn't work, no os.execute, disable mod security also not work, says disabled, still no execute!
plz anyone tell me how kill it so it doesn't bother me again?

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 18:10
by rubenwardy
You can't disable security on the client API as that's a massive security risk, the client API isn't designed for what you want to do

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 18:12
by KGM
just why, my computer had a price of 40 €, there is also no really sensitive data, why can't i take that risk?

(may there be a way to corrupt minetest core files in a way security breaks? any help appreciat.)

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 18:31
by Krock
KGM wrote:i tried to write senseful clientmod for me alone, didn't work, no os.execute, disable mod security also not work, says disabled, still no execute!
plz anyone tell me how kill it so it doesn't bother me again?
This is for real a very surprising mentality, however, you can use the following steps to get the CSM security away:

1) Open minetest_source_code/src/script/scripting_client.cpp
2) Comment our or remove the line " initializeSecurityClient(); "
3) Compile Minetest
4) ???
5) Profit.

Without security, the (client) mods can remove, corrupt, overwrite or encrypt all of the files to which you as user have access to. You can get the maximal destruction potential out of it by running Minetest as root or administrator (Windows).
Before you're asking for a setting to disable the security: We simply cannot make for each and every feature a setting to disable it. It might look different if tens of people would request such a setting - but not in single cases.

Re: [0.4.12-dev] Mod security

Posted: Tue May 08, 2018 18:36
by KGM
THX very much!