[sldev] How Asset server handles saving of scripts

John Hurliman jhurliman at wsu.edu
Thu Dec 20 11:37:19 PST 2007


Argent Stonecutter wrote:
> On 2007-12-20, at 12:11, John Hurliman wrote:
>> Useless trivia: If there is a compile error the script source code is 
>> uploaded anyways, but no compiled binary. OpenSim uses this to their 
>> advantage; if you place a precompiler directive at the top of the 
>> file to indicate it is another language the viewer will fail to 
>> compile it but upload the plaintext, and the simulator will do 
>> server-side compilation of the script and run it.
>
> Yeh, I know about this. It's silly, because the client source tree 
> already contains the code to generate CIL from LSL.

OpenSim doesn't have an adequate CIL sandbox to trust random binaries 
from clients, no one has that (yet). The first version of Mono's CoreCLR 
security is out, and I understand Babbage designed his own for SL, but I 
would like to see some sort of audit on them before trusting a system 
with it*. Additionally, you would have to run a modified client to 
actually produce and upload that CIL which no one is doing right now, 
and you still wouldn't have support for all of the languages OpenSim is 
currently supporting such as Javascript.

* I hope there is some way to prevent code from using any sort of 
reflection at the runtime level, because it seems like that would 
subvert any security model you could think of



More information about the SLDev mailing list