Minetest logo

IRC log for #minetest-dev, 2014-09-05

| Channels | #minetest-dev index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
00:18 VargaD_ joined #minetest-dev
01:27 OldCoder joined #minetest-dev
02:29 psedlak joined #minetest-dev
02:50 mrtux joined #minetest-dev
03:44 Hunterz joined #minetest-dev
03:46 mberends joined #minetest-dev
04:49 VanessaE joined #minetest-dev
04:58 proller joined #minetest-dev
05:14 sol_invictus joined #minetest-dev
05:44 OldCoder joined #minetest-dev
05:48 Hunterz joined #minetest-dev
06:05 proller joined #minetest-dev
06:54 OldCoder joined #minetest-dev
07:52 Taoki[mobile] joined #minetest-dev
08:05 casimir joined #minetest-dev
09:09 CraigyDavi`` joined #minetest-dev
09:28 TriBlade9 joined #minetest-dev
09:30 Weedy joined #minetest-dev
09:33 TriBlade9 Hello all!
09:33 TriBlade9 casimir recommended I ask someone here about my registration problem
09:43 TriBlade9 Nevermind, casimir did it already, :)
09:56 crazyR joined #minetest-dev
10:34 Amaz joined #minetest-dev
10:39 proller joined #minetest-dev
10:52 Megaf joined #minetest-dev
11:05 Amaz joined #minetest-dev
11:16 Amaz joined #minetest-dev
11:39 ImQ009 joined #minetest-dev
11:40 PenguinDad joined #minetest-dev
12:29 proller joined #minetest-dev
12:40 casimir joined #minetest-dev
12:44 AnotherBrick joined #minetest-dev
12:47 PilzAdam joined #minetest-dev
13:23 RealBadAngel joined #minetest-dev
13:40 hax404_ joined #minetest-dev
13:51 casimir Hi, http://translate.minetest.​ru/projects/minetest/core/ gives me 502 Bad Gateway. Is this already known?
13:52 PilzAdam joined #minetest-dev
13:52 mberends joined #minetest-dev
14:02 hmmmm joined #minetest-dev
14:09 khonkhortisan joined #minetest-dev
14:15 proller joined #minetest-dev
14:31 kahrl joined #minetest-dev
14:32 kahrl casimir: yes, #1588
14:41 proller joined #minetest-dev
14:42 kahrl I would register for the hosted weblate service but I don't know if we need to transfer all existing accounts and possibly other data
14:45 RealBadAngel https://github.com/minetest/minetes​t/blob/master/src/client.cpp#L2563
14:46 RealBadAngel perfect example of wasting resources ^^
14:46 RealBadAngel playing with strings to get a bool on each mesh refresh
14:48 RealBadAngel we have to make global settings class read just once, on game startup
14:48 RealBadAngel such actions ingame are icredibly stupid
14:49 kahrl RealBadAngel: then you have to recompile everything if you just add a setting
14:49 RealBadAngel no i wont have to
14:50 kahrl ?
14:50 RealBadAngel just read all the settings and keep them in a class
14:50 kahrl what do you mean, just keep them in a class?
14:50 RealBadAngel and call them by names
14:51 kahrl class GlobalSettings { public: bool smooth_lighting; ... }?
14:51 RealBadAngel kinda like that
14:51 RealBadAngel using strings to get the setting is shooting own foot
14:51 kahrl well that's what I mean, everything will include the header that declares this class
14:51 RealBadAngel ofc
14:51 RealBadAngel it already does
14:51 kahrl so you have to recompile everything if you change it
14:52 RealBadAngel its gonna be global change
14:52 RealBadAngel but that waste has to be stopped
15:19 nore joined #minetest-dev
15:20 crazyR joined #minetest-dev
15:25 Hunterz joined #minetest-dev
15:26 RealBadAngel karhl, also argument that recompilation would be needed is not an argument. just laziness
15:28 Amaz joined #minetest-dev
15:29 RealBadAngel but to make my point clear. that class should read the settings old way
15:29 RealBadAngel but should do it just once, on startup
15:30 sfan5_ joined #minetest-dev
15:30 RealBadAngel any code that   would need any setting shall refer to the read values, made public via settings class
15:31 RealBadAngel reading them runtime should be strictly prohibited
15:33 RealBadAngel such ways are causing those mysterious spikes ingame
15:33 sfan5 joined #minetest-dev
15:34 RealBadAngel i fight for nanoseconds in mapblock_mesh while another thread happily spends miliseconds on reading the setting all the time
15:38 RealBadAngel also the settings are moved from one class to another
15:38 RealBadAngel and made internal
15:38 RealBadAngel which is also ridiculous
15:40 RealBadAngel what for make m_smooth_lighting a variable for each mesh while its a global, non changeable runtime value?
15:41 RealBadAngel propably only for higher memory usage and to give cpu something to do
15:42 RealBadAngel and please dont laugh anybody when i complain bout a setting
15:43 RealBadAngel "search completed with 313 matches"
15:55 zat joined #minetest-dev
15:58 proller joined #minetest-dev
16:12 NakedFury joined #minetest-dev
16:26 Calinou joined #minetest-dev
16:31 Taoki[mobile] joined #minetest-dev
16:41 Krock joined #minetest-dev
16:55 zat joined #minetest-dev
16:57 zat joined #minetest-dev
17:11 zat joined #minetest-dev
17:34 rubenwardy joined #minetest-dev
17:35 kahrl any ideas/comments about the hosted weblate?
17:35 kahrl (is there data from the old weblate that we would need to migrate?)
17:38 sfan5 I don't think there is any
17:39 kahrl OK good, should I simply submit the request then?
17:39 sfan5 ¯\_(ツ)_/¯
18:01 ShadowNinja kahrl: Anything's better than nothing.  But get the credentials for minetest-services and ask xyz if he has anything else that you should have.
18:03 kahrl ShadowNinja: what's minetest-services?
18:03 ShadowNinja I'm trying to implement mod security in a mostly compatible way.  I'd like to use a whitelist for functions, but I can't fucure out gow to set the global environment.  Any ideas?  _G = new_env just changes the _G variable in the global environment.
18:04 ShadowNinja kahrl: The GitHub account that weblate uses to push changes.
18:04 kahrl hmm
18:04 kahrl I thought the changes were pulled by github
18:04 ShadowNinja figure out how*
18:05 ShadowNinja kahrl: Nah, GitHub doesn't pull anything.  You'll see the `Pushed by: minetest-services` under translation commits.
18:06 ShadowNinja (Or commited by, or whatever)
18:06 ShadowNinja kahrl: Any idea how to replace the global environment with an empty table in Lua 5.1?
18:07 VanessaE ShadowNinja: but...but... Minetest Services is a building on my Creative server :P
18:08 ShadowNinja VanessaE: Sorry, we're going to have to make you change the name, and we'll need damages for the trademark infringement.  ;-)
18:09 VanessaE you fucker. :)
18:09 VanessaE I claim prior art! ;)
18:09 VanessaE (anyway your plan sounds good.  I know sapier will approve)
18:10 ShadowNinja I checked sapier's old security commit, but he used a blacklist for that.
18:11 Krock Offtopic: https://github.com/minetest/minetest/pull/1605
18:12 sol_invictus joined #minetest-dev
18:20 kahrl ShadowNinja: I asked xyz, he said we can simply start from scratch, there's no data we need
18:21 kahrl and that I could ask him for the minetest-services password if we do need it
18:21 ShadowNinja kahrl: Alright.  Any idea about the global environment thing?
18:21 kahrl not really
18:21 ShadowNinja :-|
18:22 kahrl wouldn't you have to restrict access to a lot of things, e.g. metatables?
18:22 nore ShadowNinja: have you read http://lua-users.org/wiki/SandBoxes ?
18:22 ShadowNinja nore: Yep.
18:23 ShadowNinja kahrl: No, almost entirely just file access functions.  Things like getmetatable are only danjerous in Lua sandboxes, not C sandboxes.
18:24 ShadowNinja sapier's old commit blocked a lot of things that were O.K., so it broke a lot of mods.
18:25 nore where are the problems? (only io functions?)
18:25 ShadowNinja My changes should only break mods that use os.execute, io.popen, or io.open on paths outside path_user/share.
18:26 nore does it prevent problems with dofile too?
18:27 ShadowNinja nore: These are redirected and checked: http://pastebin.ubuntu.com/8261846/  A few others, like execute and popen can't really sanitize their input.
18:27 kahrl couldn't someone use io.open to write a bash/batch script into path_user and then execute it?
18:27 kahrl ah
18:27 ShadowNinja kahrl: Not without os.execute or similar.
18:27 kahrl yeah, I thought it was accessible with path checks
18:29 kahrl ShadowNinja: so what is a "C sandbox"?
18:29 ShadowNinja kahrl: I can't really tell what a call like that does without implementing a full sh/ash/bash/zsh/.../DOS/cmd processor.
18:29 kahrl ShadowNinja: and without solving the halting problem :P
18:30 ShadowNinja kahrl: A sandbox created from C.  So setmetatable("", nil) doesn't affect C code.
18:30 kahrl hmm, I see
18:30 ShadowNinja kahrl: And we don't have to worry about crashes or lockups, because they aren't really a vulnerability.
18:30 nore kahrl: you could check the file executed contains no dangerous instructions
18:32 ShadowNinja nore: You can't predict what something will do unless you also parse the ELF/EXE code (which would be ridiculous).
18:32 kahrl ShadowNinja: depends, if the crash is due to a segfault (not an exception) that could lead to arbitrary code execution
18:32 nore ShadowNinja: if it runs a script, you can check the script
18:32 ShadowNinja kahrl: How so?
18:32 nore (of course, executables should be forbidden)
18:33 ShadowNinja nore: A script can do nothing on it's own, it has to call executables.
18:33 kahrl ShadowNinja: lua shouldn't be able to segfault, but if it can that might because one of our API functions can be used to write arbitrary data to arbitrary addresses
18:34 sol_invictus joined #minetest-dev
18:34 nore but some executables can be trusted
18:34 kahrl that might be*
18:34 ShadowNinja os.date - UNSAFE - This can crash on some platforms (undocumented). For example, os.date'%v'. It is reported that this will be fixed in 5.2 or 5.1.3
18:34 nore (although doing things like changing $PATH might be a problem...)
18:35 ShadowNinja ^ That shouldn't allow writing to arbitrary adresses.
18:35 kahrl dunno, I haven't seen the os.date code
18:35 kahrl it it's buggy like that, it might have buffer overflows as well
18:36 ShadowNinja I think that bug was because it passes it directly to strftime and %v didn't exist on all platforms.
18:37 Megaf joined #minetest-dev
18:38 kahrl wat
18:38 kahrl the "Additional message" field at hosted weblate is required
18:38 sfan5 why do we need a sandbox again?
18:39 sfan5 also many mods do io.open on the world dir or even the mod dir
18:39 sfan5 s/on/in/
18:39 VanessaE moretrees does this to check for/create its config file.
18:40 sfan5 IMO we don't need sandboxes because they can be broken anyway
18:40 kahrl OK, my additional message " " got accepted
18:40 ShadowNinja http://sprunge.us/GQif?diff
18:41 ShadowNinja Anything under porting::path_user that isn't called minetest.conf is allowed.
18:42 sfan5 what about the world dir. and the mod dir. ?
18:42 ShadowNinja I suppose you could overwrite the executable in a RUN_IN_PLACE build though.
18:42 sfan5 "Bytecode prohibited when mod security is enabled."
18:42 sfan5 does that have any reason?
18:42 ShadowNinja sfan5: World dir is under user.
18:42 sfan5 ShadowNinja: no
18:42 sfan5 world dir is not guaranteed to be anywhere
18:43 ShadowNinja sfan5: Yes, bytecode can do just about whatever it wants, including writing to arbritrary addresses.
18:43 sfan5 ./minetestserver --world /tmp/this_is/not_path_user
18:43 sfan5 are you sure
18:43 sfan5 ?
18:43 ShadowNinja sfan5: Hmmm, O.K.  If you like I can find you an email on a mailing list saying as much.
18:43 sfan5 please do
18:44 ShadowNinja http://lua-users.org/lists/​lua-l/2010-08/msg00487.html
18:44 ShadowNinja Linked from the LuaSandboxing page.
18:45 sfan5 does that still work?
18:45 sfan5 and we don't need to protect the user from themselves
18:45 ShadowNinja May just be 5.2, but I'm not going to depend on Lua 5.1 and LuaJIT being safe and us never using 5.2.
18:46 sfan5 if you don't want the risk of anything not being safe don't execute any code
18:46 ShadowNinja sfan5: This protects the user from malicious mods that load("<malicious bytecode>")()
18:46 sfan5 thats not an argument
18:46 ShadowNinja sfan5: Wut?
18:46 sfan5 the user is (should) be aware that mods can do what they want
18:47 sfan5 this protects user from attack scenario A is not an argument against that
18:47 VanessaE does the average Joe "Minetest User" Sixpack even look at the mod's code?
18:47 ShadowNinja sfan5: The whole point of this security commit is to prevent that.
18:47 VanessaE ergo, does it matter if the malicious code is bytecode or not?
18:47 sfan5 possibly not
18:47 ShadowNinja VanessaE: The difference is that Lua text code can't get around my protections.
18:48 sfan5 ShadowNinja: don't complain if 50% of mod authors later say to do "security = false"
18:48 VanessaE ShadowNinja: true enough, until someone finds some obscure exploit you didn't think of
18:48 sfan5 also it should be renamed to "mod_security"
18:49 ShadowNinja VanessaE: Lua is sandboxed by quite a lot of people, it lends itself well to that, as opposed to, say, Python.
18:49 VanessaE I'll grant you that (and from what I've been led to believe, Python doesn't lend itself well to ANYthing, except Portage :P )
18:50 VanessaE I'm more concerned with the performance and convenience impact on users and modders, respectively.
18:50 sfan5 ^
18:51 kahrl I sometimes wish portage was written in C++, not python. Dependency calculations can take minutes </offtopic>
18:51 ShadowNinja VanessaE: Performance should be the same except for things like io.open(), which are slow anyway and will be a few microseconds slower at most.
18:51 sfan5 ShadowNinja: how about the mods that have 1 file for every player?
18:51 ShadowNinja sfan5: They'll remain badly designed.
18:52 sfan5 ShadowNinja: does "require" still work?
18:52 ShadowNinja sfan5: This won't slow them down perceptively, unless they load every single player file on start.
18:52 VanessaE sfan5: they can switch to using the datastorage mod or suffer.  but they'd have done that anyway :P
18:53 ShadowNinja sfan5: Nope, that can load C modules.  I could wrap it, but I think the only mod that uses it is the IRC mod, and it uses it for loading a C module.
18:53 sfan5 not only the irc mod
18:53 sfan5 my "nm" mod too
18:53 sfan5 because bitops in lua are horribly slow
18:54 ShadowNinja sfan5: For C code?
18:54 sfan5 basically yes
18:54 sfan5 bit/bit32
18:54 nore sfan5, with JIT bitops are faster in lua than using bit32
18:54 ShadowNinja nore's computer mod too, but that's also C code.
18:54 nore that's why implemented a pure lua version of it
18:55 sfan5 possible
18:55 sfan5 but I can't assume that JIT is used
18:55 ShadowNinja Lua 5.3 has real bitwise operators, but I'm having trouble getting even 5.2 through.
18:55 ShadowNinja (Oh, and 64-bit integers)
18:55 sfan5 ShadowNinja: what if I do minetest.setting_setbool("security", "false") ?
18:55 VanessaE why aren't we just bundling JIT then?
18:55 VanessaE it runs everywhere minetest does
18:56 ShadowNinja sfan5: I haven't patched that yet, but it won't be effective until the next restart.
18:56 sfan5 does it run on GNU hurd?
18:56 sfan5 ShadowNinja: thats irrevelant for malicious mods
18:56 VanessaE does minetest? :)
18:56 sfan5 yes
18:56 sfan5 debian has minetest for i386-hurd
18:56 ShadowNinja VanessaE: It's stuck on Lua 5.1+some 5.2.
18:58 ShadowNinja VanessaE: Apparently some companies use LuaJIT and depend on Lua 5.1 features and can't change the 1% of code that they's have to change to fix incompatabilities.
18:58 sfan5 VanessaE: according to the debian package luajit doesn't run on alpha, arm64, hppa, hurd-i386, kfreebsd-amd64, m68k, mipsel, ppc94el, s390x, sparc
18:58 VanessaE ShadowNinja: which you and I know is utter bull.
18:59 ShadowNinja VanessaE: Yep.
18:59 sfan5 especially some servers use freebsd amd64
18:59 VanessaE *sigh*
19:00 ShadowNinja VanessaE: The main missing Lua 5.2 feature is _ENV, and it takes about 5 lines of code to add it, and I'm pretty sure it's compatible.
19:01 Amaz joined #minetest-dev
19:01 sfan5 ShadowNinja: where's the "minetest" table in static const char * whitelist[] ?
19:01 ShadowNinja sfan5: It's called "core".  Builtin aliases it.
19:01 sfan5 builtin is in the sandbox too?
19:02 Megaf joined #minetest-dev
19:02 ShadowNinja sfan5: Yep, since I can allow a lot of things it shouldn't need any protected features.
19:03 sfan5 so why do we need to protect the user from themselves again?
19:03 ShadowNinja sfan5: ATM that patch just causes a Lua stack overflow, because _G = new_env just sets _G in the global environment.
19:03 ShadowNinja sfan5: We don't?
19:03 sfan5 why do you want to add that patch then?
19:05 ShadowNinja sfan5: It protect usesr from malicious mod makers.  And eventually from malicious server owners/mod makers when client-side lLua is added.
19:05 ShadowNinja users* Lua*
19:06 sfan5 didn't you just say we don't need to protect the user from themselves?
19:06 sfan5 and client-side lua will be sandboxed anyway
19:06 sfan5 client-side lua is still far away too
19:08 ShadowNinja sfan5: Users do use mods written by people other than themselves...  And how are you going to read all of the code of a mod like Technic, homedecor, or mobf?
19:09 sfan5 protect the users from themselves downloading and installing mods
19:09 sfan5 it's not like you need to download them from shady.website12345.com.cx instead of the forum
19:10 ShadowNinja sfan5: And you can't put a malicious mod on the forum?
19:10 sfan5 you can
19:11 sfan5 but it's more likely to be detected there
19:11 ShadowNinja sfan5: After it's already done it's damage?
19:11 Megaf joined #minetest-dev
19:12 sfan5 yeah
19:12 ShadowNinja ...
19:35 * ShadowNinja tries to get it to work by using Lua internals...
19:56 iqualfragile joined #minetest-dev
19:58 CraigyDavi`` Reported by someone on my server...I haven't actually tested myself: They say that sometimes spamming the creative mode button and then joining a server enables them to dig like in creative on that server. This is on the android version.
19:59 iqualfragile CraigyDavi``: im not too sure, but i think the server does not check the dig speed
20:02 iqualfragile is there some way to use rollback and rollback_check without time limit?
20:04 sfan5 iqualfragile: server checks the dig speed
20:04 iqualfragile oh, ok
20:04 sfan5 CraigyDavi``: impossible, the client-side creative mode setting is not used
20:05 iqualfragile what about if the server has anticheat disabled?
20:05 sfan5 I don't think anticheat disabled that check
20:05 sfan5 even if, the client-side setting is not used
20:16 acestudios joined #minetest-dev
20:20 Miner_48er joined #minetest-dev
20:38 OldCoder joined #minetest-dev
20:51 ShadowNinja iqualfragile: Just use a huge time limit.
21:10 ShadowNinja \o/ I got it to work with lua_pushthread and lua_setfenv.
21:14 casimir joined #minetest-dev
21:15 iqualfragile ShadowNinja: multithreading?
21:15 VanessaE ShadowNinja: care to elaborate on what "it" is?
21:15 ShadowNinja My mod security system.
21:16 iqualfragile aww, hoped for multithreading
21:16 ShadowNinja iqualfragile: The Async API doesn't use this yet, neither does the menu.
21:16 VanessaE a
21:16 VanessaE ah
21:59 proller joined #minetest-dev
22:40 paramat joined #minetest-dev

| Channels | #minetest-dev index | Today | | Google Search | Plaintext