Time Nick Message 09:33 TriBlade9 Hello all! 09:33 TriBlade9 casimir recommended I ask someone here about my registration problem 09:43 TriBlade9 Nevermind, casimir did it already, :) 13:51 casimir Hi, http://translate.minetest.ru/projects/minetest/core/ gives me 502 Bad Gateway. Is this already known? 14:32 kahrl casimir: yes, #1588 14:42 kahrl I would register for the hosted weblate service but I don't know if we need to transfer all existing accounts and possibly other data 14:45 RealBadAngel https://github.com/minetest/minetest/blob/master/src/client.cpp#L2563 14:46 RealBadAngel perfect example of wasting resources ^^ 14:46 RealBadAngel playing with strings to get a bool on each mesh refresh 14:48 RealBadAngel we have to make global settings class read just once, on game startup 14:48 RealBadAngel such actions ingame are icredibly stupid 14:49 kahrl RealBadAngel: then you have to recompile everything if you just add a setting 14:49 RealBadAngel no i wont have to 14:50 kahrl ? 14:50 RealBadAngel just read all the settings and keep them in a class 14:50 kahrl what do you mean, just keep them in a class? 14:50 RealBadAngel and call them by names 14:51 kahrl class GlobalSettings { public: bool smooth_lighting; ... }? 14:51 RealBadAngel kinda like that 14:51 RealBadAngel using strings to get the setting is shooting own foot 14:51 kahrl well that's what I mean, everything will include the header that declares this class 14:51 RealBadAngel ofc 14:51 RealBadAngel it already does 14:51 kahrl so you have to recompile everything if you change it 14:52 RealBadAngel its gonna be global change 14:52 RealBadAngel but that waste has to be stopped 15:26 RealBadAngel karhl, also argument that recompilation would be needed is not an argument. just laziness 15:29 RealBadAngel but to make my point clear. that class should read the settings old way 15:29 RealBadAngel but should do it just once, on startup 15:30 RealBadAngel any code that would need any setting shall refer to the read values, made public via settings class 15:31 RealBadAngel reading them runtime should be strictly prohibited 15:33 RealBadAngel such ways are causing those mysterious spikes ingame 15:34 RealBadAngel i fight for nanoseconds in mapblock_mesh while another thread happily spends miliseconds on reading the setting all the time 15:38 RealBadAngel also the settings are moved from one class to another 15:38 RealBadAngel and made internal 15:38 RealBadAngel which is also ridiculous 15:40 RealBadAngel what for make m_smooth_lighting a variable for each mesh while its a global, non changeable runtime value? 15:41 RealBadAngel propably only for higher memory usage and to give cpu something to do 15:42 RealBadAngel and please dont laugh anybody when i complain bout a setting 15:43 RealBadAngel "search completed with 313 matches" 17:35 kahrl any ideas/comments about the hosted weblate? 17:35 kahrl (is there data from the old weblate that we would need to migrate?) 17:38 sfan5 I don't think there is any 17:39 kahrl OK good, should I simply submit the request then? 17:39 sfan5 ¯\_(ツ)_/¯ 18:01 ShadowNinja kahrl: Anything's better than nothing. But get the credentials for minetest-services and ask xyz if he has anything else that you should have. 18:03 kahrl ShadowNinja: what's minetest-services? 18:03 ShadowNinja I'm trying to implement mod security in a mostly compatible way. I'd like to use a whitelist for functions, but I can't fucure out gow to set the global environment. Any ideas? _G = new_env just changes the _G variable in the global environment. 18:04 ShadowNinja kahrl: The GitHub account that weblate uses to push changes. 18:04 kahrl hmm 18:04 kahrl I thought the changes were pulled by github 18:04 ShadowNinja figure out how* 18:05 ShadowNinja kahrl: Nah, GitHub doesn't pull anything. You'll see the `Pushed by: minetest-services` under translation commits. 18:06 ShadowNinja (Or commited by, or whatever) 18:06 ShadowNinja kahrl: Any idea how to replace the global environment with an empty table in Lua 5.1? 18:07 VanessaE ShadowNinja: but...but... Minetest Services is a building on my Creative server :P 18:08 ShadowNinja VanessaE: Sorry, we're going to have to make you change the name, and we'll need damages for the trademark infringement. ;-) 18:09 VanessaE you fucker. :) 18:09 VanessaE I claim prior art! ;) 18:09 VanessaE (anyway your plan sounds good. I know sapier will approve) 18:10 ShadowNinja I checked sapier's old security commit, but he used a blacklist for that. 18:11 Krock Offtopic: https://github.com/minetest/minetest/pull/1605 18:20 kahrl ShadowNinja: I asked xyz, he said we can simply start from scratch, there's no data we need 18:21 kahrl and that I could ask him for the minetest-services password if we do need it 18:21 ShadowNinja kahrl: Alright. Any idea about the global environment thing? 18:21 kahrl not really 18:21 ShadowNinja :-| 18:22 kahrl wouldn't you have to restrict access to a lot of things, e.g. metatables? 18:22 nore ShadowNinja: have you read http://lua-users.org/wiki/SandBoxes ? 18:22 ShadowNinja nore: Yep. 18:23 ShadowNinja kahrl: No, almost entirely just file access functions. Things like getmetatable are only danjerous in Lua sandboxes, not C sandboxes. 18:24 ShadowNinja sapier's old commit blocked a lot of things that were O.K., so it broke a lot of mods. 18:25 nore where are the problems? (only io functions?) 18:25 ShadowNinja My changes should only break mods that use os.execute, io.popen, or io.open on paths outside path_user/share. 18:26 nore does it prevent problems with dofile too? 18:27 ShadowNinja nore: These are redirected and checked: http://pastebin.ubuntu.com/8261846/ A few others, like execute and popen can't really sanitize their input. 18:27 kahrl couldn't someone use io.open to write a bash/batch script into path_user and then execute it? 18:27 kahrl ah 18:27 ShadowNinja kahrl: Not without os.execute or similar. 18:27 kahrl yeah, I thought it was accessible with path checks 18:29 kahrl ShadowNinja: so what is a "C sandbox"? 18:29 ShadowNinja kahrl: I can't really tell what a call like that does without implementing a full sh/ash/bash/zsh/.../DOS/cmd processor. 18:29 kahrl ShadowNinja: and without solving the halting problem :P 18:30 ShadowNinja kahrl: A sandbox created from C. So setmetatable("", nil) doesn't affect C code. 18:30 kahrl hmm, I see 18:30 ShadowNinja kahrl: And we don't have to worry about crashes or lockups, because they aren't really a vulnerability. 18:30 nore kahrl: you could check the file executed contains no dangerous instructions 18:32 ShadowNinja nore: You can't predict what something will do unless you also parse the ELF/EXE code (which would be ridiculous). 18:32 kahrl ShadowNinja: depends, if the crash is due to a segfault (not an exception) that could lead to arbitrary code execution 18:32 nore ShadowNinja: if it runs a script, you can check the script 18:32 ShadowNinja kahrl: How so? 18:32 nore (of course, executables should be forbidden) 18:33 ShadowNinja nore: A script can do nothing on it's own, it has to call executables. 18:33 kahrl ShadowNinja: lua shouldn't be able to segfault, but if it can that might because one of our API functions can be used to write arbitrary data to arbitrary addresses 18:34 nore but some executables can be trusted 18:34 kahrl that might be* 18:34 ShadowNinja os.date - UNSAFE - This can crash on some platforms (undocumented). For example, os.date'%v'. It is reported that this will be fixed in 5.2 or 5.1.3 18:34 nore (although doing things like changing $PATH might be a problem...) 18:35 ShadowNinja ^ That shouldn't allow writing to arbitrary adresses. 18:35 kahrl dunno, I haven't seen the os.date code 18:35 kahrl it it's buggy like that, it might have buffer overflows as well 18:36 ShadowNinja I think that bug was because it passes it directly to strftime and %v didn't exist on all platforms. 18:38 kahrl wat 18:38 kahrl the "Additional message" field at hosted weblate is required 18:38 sfan5 why do we need a sandbox again? 18:39 sfan5 also many mods do io.open on the world dir or even the mod dir 18:39 sfan5 s/on/in/ 18:39 VanessaE moretrees does this to check for/create its config file. 18:40 sfan5 IMO we don't need sandboxes because they can be broken anyway 18:40 kahrl OK, my additional message " " got accepted 18:40 ShadowNinja http://sprunge.us/GQif?diff 18:41 ShadowNinja Anything under porting::path_user that isn't called minetest.conf is allowed. 18:42 sfan5 what about the world dir. and the mod dir. ? 18:42 ShadowNinja I suppose you could overwrite the executable in a RUN_IN_PLACE build though. 18:42 sfan5 "Bytecode prohibited when mod security is enabled." 18:42 sfan5 does that have any reason? 18:42 ShadowNinja sfan5: World dir is under user. 18:42 sfan5 ShadowNinja: no 18:42 sfan5 world dir is not guaranteed to be anywhere 18:43 ShadowNinja sfan5: Yes, bytecode can do just about whatever it wants, including writing to arbritrary addresses. 18:43 sfan5 ./minetestserver --world /tmp/this_is/not_path_user 18:43 sfan5 are you sure 18:43 sfan5 ? 18:43 ShadowNinja sfan5: Hmmm, O.K. If you like I can find you an email on a mailing list saying as much. 18:43 sfan5 please do 18:44 ShadowNinja http://lua-users.org/lists/lua-l/2010-08/msg00487.html 18:44 ShadowNinja Linked from the LuaSandboxing page. 18:45 sfan5 does that still work? 18:45 sfan5 and we don't need to protect the user from themselves 18:45 ShadowNinja May just be 5.2, but I'm not going to depend on Lua 5.1 and LuaJIT being safe and us never using 5.2. 18:46 sfan5 if you don't want the risk of anything not being safe don't execute any code 18:46 ShadowNinja sfan5: This protects the user from malicious mods that load("")() 18:46 sfan5 thats not an argument 18:46 ShadowNinja sfan5: Wut? 18:46 sfan5 the user is (should) be aware that mods can do what they want 18:47 sfan5 this protects user from attack scenario A is not an argument against that 18:47 VanessaE does the average Joe "Minetest User" Sixpack even look at the mod's code? 18:47 ShadowNinja sfan5: The whole point of this security commit is to prevent that. 18:47 VanessaE ergo, does it matter if the malicious code is bytecode or not? 18:47 sfan5 possibly not 18:47 ShadowNinja VanessaE: The difference is that Lua text code can't get around my protections. 18:48 sfan5 ShadowNinja: don't complain if 50% of mod authors later say to do "security = false" 18:48 VanessaE ShadowNinja: true enough, until someone finds some obscure exploit you didn't think of 18:48 sfan5 also it should be renamed to "mod_security" 18:49 ShadowNinja VanessaE: Lua is sandboxed by quite a lot of people, it lends itself well to that, as opposed to, say, Python. 18:49 VanessaE I'll grant you that (and from what I've been led to believe, Python doesn't lend itself well to ANYthing, except Portage :P ) 18:50 VanessaE I'm more concerned with the performance and convenience impact on users and modders, respectively. 18:50 sfan5 ^ 18:51 kahrl I sometimes wish portage was written in C++, not python. Dependency calculations can take minutes 18:51 ShadowNinja VanessaE: Performance should be the same except for things like io.open(), which are slow anyway and will be a few microseconds slower at most. 18:51 sfan5 ShadowNinja: how about the mods that have 1 file for every player? 18:51 ShadowNinja sfan5: They'll remain badly designed. 18:52 sfan5 ShadowNinja: does "require" still work? 18:52 ShadowNinja sfan5: This won't slow them down perceptively, unless they load every single player file on start. 18:52 VanessaE sfan5: they can switch to using the datastorage mod or suffer. but they'd have done that anyway :P 18:53 ShadowNinja sfan5: Nope, that can load C modules. I could wrap it, but I think the only mod that uses it is the IRC mod, and it uses it for loading a C module. 18:53 sfan5 not only the irc mod 18:53 sfan5 my "nm" mod too 18:53 sfan5 because bitops in lua are horribly slow 18:54 ShadowNinja sfan5: For C code? 18:54 sfan5 basically yes 18:54 sfan5 bit/bit32 18:54 nore sfan5, with JIT bitops are faster in lua than using bit32 18:54 ShadowNinja nore's computer mod too, but that's also C code. 18:54 nore that's why implemented a pure lua version of it 18:55 sfan5 possible 18:55 sfan5 but I can't assume that JIT is used 18:55 ShadowNinja Lua 5.3 has real bitwise operators, but I'm having trouble getting even 5.2 through. 18:55 ShadowNinja (Oh, and 64-bit integers) 18:55 sfan5 ShadowNinja: what if I do minetest.setting_setbool("security", "false") ? 18:55 VanessaE why aren't we just bundling JIT then? 18:55 VanessaE it runs everywhere minetest does 18:56 ShadowNinja sfan5: I haven't patched that yet, but it won't be effective until the next restart. 18:56 sfan5 does it run on GNU hurd? 18:56 sfan5 ShadowNinja: thats irrevelant for malicious mods 18:56 VanessaE does minetest? :) 18:56 sfan5 yes 18:56 sfan5 debian has minetest for i386-hurd 18:56 ShadowNinja VanessaE: It's stuck on Lua 5.1+some 5.2. 18:58 ShadowNinja VanessaE: Apparently some companies use LuaJIT and depend on Lua 5.1 features and can't change the 1% of code that they's have to change to fix incompatabilities. 18:58 sfan5 VanessaE: according to the debian package luajit doesn't run on alpha, arm64, hppa, hurd-i386, kfreebsd-amd64, m68k, mipsel, ppc94el, s390x, sparc 18:58 VanessaE ShadowNinja: which you and I know is utter bull. 18:59 ShadowNinja VanessaE: Yep. 18:59 sfan5 especially some servers use freebsd amd64 18:59 VanessaE *sigh* 19:00 ShadowNinja VanessaE: The main missing Lua 5.2 feature is _ENV, and it takes about 5 lines of code to add it, and I'm pretty sure it's compatible. 19:01 sfan5 ShadowNinja: where's the "minetest" table in static const char * whitelist[] ? 19:01 ShadowNinja sfan5: It's called "core". Builtin aliases it. 19:01 sfan5 builtin is in the sandbox too? 19:02 ShadowNinja sfan5: Yep, since I can allow a lot of things it shouldn't need any protected features. 19:03 sfan5 so why do we need to protect the user from themselves again? 19:03 ShadowNinja sfan5: ATM that patch just causes a Lua stack overflow, because _G = new_env just sets _G in the global environment. 19:03 ShadowNinja sfan5: We don't? 19:03 sfan5 why do you want to add that patch then? 19:05 ShadowNinja sfan5: It protect usesr from malicious mod makers. And eventually from malicious server owners/mod makers when client-side lLua is added. 19:05 ShadowNinja users* Lua* 19:06 sfan5 didn't you just say we don't need to protect the user from themselves? 19:06 sfan5 and client-side lua will be sandboxed anyway 19:06 sfan5 client-side lua is still far away too 19:08 ShadowNinja sfan5: Users do use mods written by people other than themselves... And how are you going to read all of the code of a mod like Technic, homedecor, or mobf? 19:09 sfan5 protect the users from themselves downloading and installing mods 19:09 sfan5 it's not like you need to download them from shady.website12345.com.cx instead of the forum 19:10 ShadowNinja sfan5: And you can't put a malicious mod on the forum? 19:10 sfan5 you can 19:11 sfan5 but it's more likely to be detected there 19:11 ShadowNinja sfan5: After it's already done it's damage? 19:12 sfan5 yeah 19:12 ShadowNinja ... 19:35 * ShadowNinja tries to get it to work by using Lua internals... 19:58 CraigyDavi`` Reported by someone on my server...I haven't actually tested myself: They say that sometimes spamming the creative mode button and then joining a server enables them to dig like in creative on that server. This is on the android version. 19:59 iqualfragile CraigyDavi``: im not too sure, but i think the server does not check the dig speed 20:02 iqualfragile is there some way to use rollback and rollback_check without time limit? 20:04 sfan5 iqualfragile: server checks the dig speed 20:04 iqualfragile oh, ok 20:04 sfan5 CraigyDavi``: impossible, the client-side creative mode setting is not used 20:05 iqualfragile what about if the server has anticheat disabled? 20:05 sfan5 I don't think anticheat disabled that check 20:05 sfan5 even if, the client-side setting is not used 20:51 ShadowNinja iqualfragile: Just use a huge time limit. 21:10 ShadowNinja \o/ I got it to work with lua_pushthread and lua_setfenv. 21:15 iqualfragile ShadowNinja: multithreading? 21:15 VanessaE ShadowNinja: care to elaborate on what "it" is? 21:15 ShadowNinja My mod security system. 21:16 iqualfragile aww, hoped for multithreading 21:16 ShadowNinja iqualfragile: The Async API doesn't use this yet, neither does the menu. 21:16 VanessaE a 21:16 VanessaE ah