[opensource-dev] Known details of LL 'Firefly' client-side scripting
Argent Stonecutter
secret.argent at gmail.com
Wed Mar 17 14:20:20 PDT 2010
On 2010-03-17, at 16:06, Dzonatas Sol wrote:
> This is why I pointed to the sandbox model with the tried and proven
> virtualization means of linux emulation as an example. One can
> easily allow untrusted code to execute natively in the linux
> emulation.
No you can't. Even in a virtual machine, badly behaved code can
compromise you. If you allow it access to resources in Second Life, it
can attack those resources. If you allow it to interact with your view
of the world, it can substitute elements displayed in that view. If
you allow it to make network connections, it can take part in a
botnet. If you run other code in that sandbox (other untrusted code
from a different source) it can compromise that. If you create a
separate VM for each piece of code, then the overhead of your
sandboxes becomes unmanageable. You can't just say "it's in a sandbox".
> Let's say BLIZZARD decided to release a software download inside of
> SL. You can use L$ to buy your next game of BLIZZARD directly inside
> SL.
If that involves downloading a file to disk and explicitly making a
deliberate decision to open and install that file, fine. If it
involves a scripted vendor being able to download and install native
code through an API in some sandbox in the viewer, no, that would be
bad. Because if BLIZZARD can use that API, then so can the PN and W-
Hat and SomethingAwful.
More information about the opensource-dev
mailing list