[0.4.12-dev] Mod security

Sokomine
Member
 
Posts: 3614
Joined: Sun Sep 09, 2012 17:31
GitHub: Sokomine

Re: [0.4.12-dev] Mod security

by Sokomine » Tue Nov 29, 2016 20:27

I still have that problem stated in my previous postings: My handle_schematics mod can't work properly. It is in part a filie browser. Its purpose is to save schematics (so far so good - no problem there) and to place schematics into the world (WorldEdit, .mts or even .schematic format). Those schematics can be found in the worldname/schems/ folder (placed there by WorldEdit) or in some gamename/mods/modname/schems/* folder (may vary a bit from mod to mod). In order for my mod to be able to supply players with a way to transfer a building from one map to another, they need to be able to select it somehow. And the mod needs to be able to actually *read* the schema file. Just telling people to copy it over does not seem to be a good idea. Neither is telling them to turn security off.

I'd be fine with an extra, simple, easy-to-understand-and-check mod that provides read access to directories (filename extensions .mts, .schematic, .we and .meta are required - the rest is of no intrest anyway) and that provides read access to those files. Said read access is only required for files which *another world* or *another mod* could read anyway. The files need to be readable without having to be opened in the init phase.
A list of my mods can be found here.
 

User avatar
sfan5
Moderator
 
Posts: 3761
Joined: Wed Aug 24, 2011 09:44
Location: Germany
GitHub: sfan5
IRC: sfan5

Re: [0.4.12-dev] Mod security

by sfan5 » Wed Nov 30, 2016 09:47

Please open an issue on Github so this isn't overlooked before the release.
Mods: Mesecons | WorldEdit | Nuke & Minetest builds for Windows (32-bit & 64-bit)
 

Lichtbringer
New member
 
Posts: 1
Joined: Fri Feb 24, 2017 21:36
In-game: Lichtbringer

Re: [0.4.12-dev] Mod security

by Lichtbringer » Fri Feb 24, 2017 22:54

do_evil_thing() needs to check the environment for which mod requested it and not which mod is running currently.

request_insecure_environment() needs to set "environment.mod = mod with this command in it's code" and prohibit further change in this instance of insecure_environment.
 

User avatar
KGM
Member
 
Posts: 146
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Tue May 08, 2018 17:46

How can i modify it on my computer?
is there a way to destroy it?
(if it's a lua file, where is it)
I HATE IT
(GOOD IDEA, BUT JUST ANNOYING IF IT CANT BE TURNED OFF IN MINETEST 4.1.6 Ubuntu (tried turn off, does not work : ((( )
Last edited by KGM on Tue May 08, 2018 18:06, edited 1 time in total.
 

User avatar
Phoenixflo44
Member
 
Posts: 457
Joined: Fri Jul 28, 2017 15:01
Location: Behind my PC, in Germany
In-game: Phoenixflo44
 

User avatar
rubenwardy
Moderator
 
Posts: 5401
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: [0.4.12-dev] Mod security

by rubenwardy » Tue May 08, 2018 17:54

KGM wrote:How can i modify it on my computer?
is there a way to destroy it?
(if it's a lua file, where is it)
I HATE IT


Write better code. The sandbox should never be disabled
Core Developer | Donate | My Twitter | Mods | Mods 4 Android | Node Box Editor | Minetest Modding Book

Hello profile reader

LgiOxMFYXOqtqVqMPhbw1Bn3oNRvEC7j
 

User avatar
Phoenixflo44
Member
 
Posts: 457
Joined: Fri Jul 28, 2017 15:01
Location: Behind my PC, in Germany
In-game: Phoenixflo44

Re: [0.4.12-dev] Mod security

by Phoenixflo44 » Tue May 08, 2018 17:57

True, everyone has limited programming skills and so sometimes minetest doesn't want to be
 

User avatar
KGM
Member
 
Posts: 146
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Tue May 08, 2018 18:08

@ rubenwardy: but its annoying if you can't disable it on your computer,
i tried to write senseful clientmod for me alone, didn't work, no os.execute, disable mod security also not work, says disabled, still no execute!
plz anyone tell me how kill it so it doesn't bother me again?
Last edited by KGM on Tue May 08, 2018 18:10, edited 1 time in total.
 

User avatar
rubenwardy
Moderator
 
Posts: 5401
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: [0.4.12-dev] Mod security

by rubenwardy » Tue May 08, 2018 18:10

You can't disable security on the client API as that's a massive security risk, the client API isn't designed for what you want to do
Core Developer | Donate | My Twitter | Mods | Mods 4 Android | Node Box Editor | Minetest Modding Book

Hello profile reader

LgiOxMFYXOqtqVqMPhbw1Bn3oNRvEC7j
 

User avatar
KGM
Member
 
Posts: 146
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: [0.4.12-dev] Mod security

by KGM » Tue May 08, 2018 18:12

just why, my computer had a price of 40 €, there is also no really sensitive data, why can't i take that risk?

(may there be a way to corrupt minetest core files in a way security breaks? any help appreciat.)
 

User avatar
Krock
Developer
 
Posts: 4043
Joined: Thu Oct 03, 2013 07:48
Location: Switzerland
GitHub: SmallJoker

Re: [0.4.12-dev] Mod security

by Krock » Tue May 08, 2018 18:31

KGM wrote:i tried to write senseful clientmod for me alone, didn't work, no os.execute, disable mod security also not work, says disabled, still no execute!
plz anyone tell me how kill it so it doesn't bother me again?

This is for real a very surprising mentality, however, you can use the following steps to get the CSM security away:

1) Open minetest_source_code/src/script/scripting_client.cpp
2) Comment our or remove the line " initializeSecurityClient(); "
3) Compile Minetest
4) ???
5) Profit.

Without security, the (client) mods can remove, corrupt, overwrite or encrypt all of the files to which you as user have access to. You can get the maximal destruction potential out of it by running Minetest as root or administrator (Windows).
Before you're asking for a setting to disable the security: We simply cannot make for each and every feature a setting to disable it. It might look different if tens of people would request such a setting - but not in single cases.
Mod Search Engine - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>
 

User avatar
KGM
Member
 
Posts: 146
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany
 

Previous

Return to News



Who is online

Users browsing this forum: No registered users and 0 guests