Threat level

Home

Download

News

Support

Admin

Dev

Screen Shots

Grid List

Bugs

Languages:

English

To permit region owners to enable the extended scripting functionality of OSSL, without allowing malicious scripts to access potentially troublesome functions, each OSSL function is assigned a threat level, and access to the functions is granted or denied based on a default threshold set in OpenSim.ini (which can be overridden for individual functions on a case-by-case basis).

The threat levels, from wholly unthreatening to most potentially damaging, are:

None: Function is no threat at all. It doesn't constitute a threat to either users or the system and has no known side effects.
Nuisance: Abuse of this command can cause a nuisance to the region operator, such as log message spew.
VeryLow: Extreme levels of abuse of this function can cause impaired functioning of the region, or very gullible users can be tricked into experiencing harmless effects.
Low: Intentional abuse can cause crashes or malfunction under certain circumstances, which can be easily rectified; or certain users can be tricked into certain situations in an avoidable manner.
Moderate: Intentional abuse can cause denial of service and crashes with potential of data or state loss; or trusting users can be tricked into embarrassing or uncomfortable situations.
High: Casual abuse can cause impaired functionality or temporary denial of service conditions. Intentional abuse can easily cause crashes with potential data loss, or can be used to trick experienced and cautious users into unwanted situations, or changes global data permanently and without undo ability.
VeryHigh: Even normal use may, depending on the number of instances, or frequency of use, result in severe service impairment or crash with loss of data, or can be used to cause unwanted or harmful effects on users without giving the user a means to avoid it.
Severe: Even casual use is a danger to region stability, or function allows console or OS command execution, or function allows taking money without consent, or allows deletion or modification of user data, or allows the compromise of sensitive data by design.

The OSFunctionThreatLevel setting in the script engines' configuration sections of OpenSim.ini controls what classes of functions are accessible to scripts owned by any avatar; any function at the same threat level or lower than the value provided for OsFunctionThreatLevel is permitted to run. If OSFunctionThreatLevel is absent from the configuration file, the default value is VeryLow.

OSSL functions may also be permitted or prohibited on an individual basis, by adding Allow_* lines to the script engine's configuration section. To permit scripts owned by anyone to access a function, even if its threat level exceeds the value of OSFunctionThreatLevel, use the value 'true':

Allow_osMakeNotecard = true

To prohibit scripts owned by anyone from accessing a function, even if its threat level is equal to or below the value of OSFunctionThreatLevel, use the value 'false':

Allow_osMovePen = false

To allow scripts owned by only certain avatars to access a function, use the UUIDs of the avatars. If multiple avatars are to be permitted access, separate the UUIDs with commas:

Allow_osMakeNotecard = a1cbbdd7-8adb-4158-aa52-c0ee882c4492
Allow_osTeleportAgent = a1cbbdd7-8adb-4158-aa52-c0ee882c4492,9cab27da-764c-4469-a628-369d978ba436

Below is a list of OSSL functions grouped by threat level: