Security OpenSim Security Part 1 - Sandboxie

OpenSim Categories

Who's Online

We have 56 guests online

Users Online


Help support us

OpenSim Security Part 1 - Sandboxie PDF Print E-mail
OpenSim - Security
Written by Skidz Tweak   
Saturday, 28 March 2009 13:14
Like most of you, running an application on the internet with open ports, especially a program still in Alpha development makes me a little nervous. So I started exploring different security options I could apply to help reduce the risk. While this will continue to be something I explore, I thought I would share what I have found so far.
The best solution that I have found, and implemented so far is Sandboxie. Sandboxie is a great security application that runs application in there own isolated memory space. It prevents them from accessing any other processes, registry settings, files, or anything really. This means if an exploit is ever found, it will limit the exploit's ability to corrupt or change your system.

Note: Sandboxie can be used for tons of other things, including your web browsers. In a recent web browser vulnerability competition, last year's winner stated that he had found a vulnerability in Google chrome browser, but was not able to take advantage of it, because it uses a similar technology as Sandboxie, sandboxing the browser off from the rest of the operating system.

Step 1

Download/Installing Sandboxie

First download Sandboxie, its a free application, but I do encourage you to buy a license (I did).
Install Sandboxie leaving all the default options.

Step 2

Create sandbox.

Start Sandboxie, if it didn't automatically start on completion of install.
Click Sandbox/Create New Sandbox
Name the new sandbox "Opensim"
Click OK.

You should not have 2 sandboxes listed in your Sandboxie window, DefaultBox, and Opensim

Step 3

Configure our sandbox so that OpenSim can access the files that are needed.

Now, I don't have a list of the exact files each server needs access too, so to cover my bases I just gave it full access to the c:\OpenSimProd directory. But, this could be tighted up, and I will most likely figure out which files each server needs access too in the future, and actually create a sandbox for each one, but for now, this works, and is better than nothing.

Right click on your OpenSim sandbox, and click Sandbox settings
On the left in the settings tree expand /Resource Access/File Access/Full Access
Click add and add the directory your Opensim runs in.
Click OK

Step 4

Createing shortcuts to start up your Opensim grid

I personally uses a bat file to start up my grid fully.
I included it in Part 2 of how to run a serious grid at home but had to make some changes to it for Sandboxie:
cd c:\OpenSimProd
start OpenSim.Grid.UserServer.exe
PING -n 1 -w 10000 >NUL
start OpenSim.Grid.GridServer.exe
PING -n 1 -w 10000 >NUL
start OpenSim.Grid.AssetServer.exe
PING -n 1 -w 10000 >NUL
start OpenSim.Grid.InventoryServer.exe
PING -n 1 -w 10000 >NUL
start OpenSim.Grid.MessagingServer.exe
PING -n 1 -w 10000 >NUL
start OpenSim.exe

Now to run this bat file in Sandboxie we need to create a shortcut.
I placed mine on the desktop by right clicking it and clicking new/shortcut
The path to the shortcut should be this:
"C:\Program Files\Sandboxie\Start.exe" /box:OpenSim /nosbiectrl /startcom C:\OpenSimProd\StartEverything.Bat

If your running some sims on a different computer as well for those the shortcut would be:
"C:\Program Files\Sandboxie\Start.exe" /box:OpenSim /nosbiectrl C:\OpenSimProd\OpenSim.exe

Step 5

If you have your OpenSim currently running you will need to shutdown everything with the command "quit"

Step 6

Start it back up by using the shortcut we created in Step 4

Finish Up

If you have any problems running your OpenSim Sandboxed let me know. I so far have found no problems, and it does add a great layer of security that was not there before. I will continue to explore diffrent methods for securing OpenSim, and if you have any tips for this subject as well I invite you to leave comments, or contact me in SL, or twitter .
Last Updated on Sunday, 12 April 2009 08:28

Skidz Partz Shopping

Your cart is empty

Skidz Partz Blog RSS

Skidz Partz

SkidzPartz Login


Should the TMat 4.0 be made of Mesh? This does not mean it will support mesh, just made of mesh..

CB Workflows