[sldev] How Asset server handles saving of scripts
John Hurliman
jhurliman at wsu.edu
Thu Dec 20 11:37:19 PST 2007
Argent Stonecutter wrote:
> On 2007-12-20, at 12:11, John Hurliman wrote:
>> Useless trivia: If there is a compile error the script source code is
>> uploaded anyways, but no compiled binary. OpenSim uses this to their
>> advantage; if you place a precompiler directive at the top of the
>> file to indicate it is another language the viewer will fail to
>> compile it but upload the plaintext, and the simulator will do
>> server-side compilation of the script and run it.
>
> Yeh, I know about this. It's silly, because the client source tree
> already contains the code to generate CIL from LSL.
OpenSim doesn't have an adequate CIL sandbox to trust random binaries
from clients, no one has that (yet). The first version of Mono's CoreCLR
security is out, and I understand Babbage designed his own for SL, but I
would like to see some sort of audit on them before trusting a system
with it*. Additionally, you would have to run a modified client to
actually produce and upload that CIL which no one is doing right now,
and you still wouldn't have support for all of the languages OpenSim is
currently supporting such as Javascript.
* I hope there is some way to prevent code from using any sort of
reflection at the runtime level, because it seems like that would
subvert any security model you could think of
More information about the SLDev
mailing list