MantisBT - opensim
View Issue Details
0008418 | opensim | [REGION] Script Functions | public | 2018-12-09 03:38 | 2018-12-11 14:39
unregi 
 
normal | tweak | always
patch included | open
0.9.0.1 
 
Grid (1 Region per Sim)
BulletSim
Mono / Linux64
5.x
0008418: Implement ossl function to test Threat Level
It would be a big improvement if we would be able to check if ossl functions are allowed or not, so that we can implement some fallback or have just limited functionality if they are not allowed, instead of having the script just die with an Error message.

Attached is a patch for an implementation of osCheckThreatLevel that returns OS_THREAT_ENABLED, OS_THREAT_DISABLED or OS_THREAD_NA (function doesn't exist or doesn't do any threat level checks).
No tags attached.
patch 0001-Add-osCheckThreatLevel.patch (71,750) 2018-12-09 03:38
http://opensimulator.org/mantis/file_download.php?file_id=4806&type=bug
dependency-test.lsl (953) 2018-12-11 13:10
http://opensimulator.org/mantis/file_download.php?file_id=4810&type=bug
Issue History
2018-12-09 03:38 | unregi | New Issue
2018-12-09 03:38 | unregi | File Added: 0001-Add-osCheckThreatLevel.patch
2018-12-09 03:40 | unregi | Status | new => patch included
2018-12-11 11:02 | UbitUmarov | Note Added: 0033612
2018-12-11 11:45 | melanie | Note Added: 0033613
2018-12-11 12:13 | unregi | Note Added: 0033614
2018-12-11 12:15 | BillBlight | Note Added: 0033615
2018-12-11 13:09 | unregi | Note Added: 0033616
2018-12-11 13:10 | unregi | File Added: dependency-test.lsl
2018-12-11 13:20 | BillBlight | Note Added: 0033617
2018-12-11 13:54 | melanie | Note Added: 0033618
2018-12-11 14:14 | unregi | Note Added: 0033619
2018-12-11 14:15 | unregi | Note Edited: 0033619 | bug_revision_view_page.php?bugnote_id=33619#r7425
2018-12-11 14:16 | BillBlight | Note Added: 0033620
2018-12-11 14:36 | unregi | Note Added: 0033621
2018-12-11 14:39 | BillBlight | Note Added: 0033622

Notes
(0033612)
UbitUmarov   
2018-12-11 11:02   
thanks
but patch on ice, for now.
(0033613)
melanie   
2018-12-11 11:45   
That test would allow scripts to test which malicious behaviour they can get away with :(
(0033614)
unregi   
2018-12-11 12:13   
There is a script out there that does already test which functions are available, someone posted it on IRC. It's throwing errors for every function that fails, but it's still getting a list of all allowed functions back.
(0033615)
BillBlight   
2018-12-11 12:15   
the difference is that script takes some work to log what works and doesn't, you have to do it manually..

this one could just IM you or store it in a note.
(0033616)
unregi   
2018-12-11 13:09   
Will link one just for reference:
https://forum.hypergrid.org/opensim-scripting/script-ossl-function-check-threat-level-moderate-t2941.html
This will check a whole list of functions and give you a nice list of available functions back and you can do whatever you want with it :)

Also attaching a script that's making a basic dependency check if required functions are available before running it.

I am not much of a fan of security through obscurity. But I get your legit concerns.
(0033617)
BillBlight   
2018-12-11 13:20   
That script will also throw an error to the debug window letting owner know someone tried to do it, and not silently like this function would.
(0033618)
melanie   
2018-12-11 13:54   
That is because someone changed away from my original design. My original design was to hard stop the script. Make it so the user had to reset it, with all attendant loss of data gathered. Someone then later designed to make script error failures soft rather than hard. Since then, it has become exploitable.
(0033619)
unregi   
2018-12-11 14:14   
(edited on: 2018-12-11 14:15)
@bill Yes, a function for it wouldn't make much sense otherwise, if it wouldn't make it more user-friendly ;)

The Debug window message makes the check very inconvenient for everybody who wants to use it for good stuff, because even if he prints a long message explaining why this doesn't work on Nearby Chat, the user, scared from that red written message, will ask for help and complain that the script doesn't work.

At the same time, a griefer won't care about those Debug messages, he wants to destroy things anyway.
Let's just get some example, a griefer joins your sim with a script:
  Check if osNpcRemove is available -> if yes, remove all NPCs
  Check if osSetTerrainTexture is available -> if yes, everything rainbow colors
  Then do some basic particle and rezzer spamming and whatever griefers usually do in SL
If you have a misconfiguration and he is allowed to set Terrain Texture, how will the Debug message, that you got 0.1s ago when the script checked if it's allowed to mess with NPCs, save you from getting your sim changed to rainbow land?

(0033620)
BillBlight   
2018-12-11 14:16   
My statement about the debug window was it alerts the sim owner and everyone on the sim that someone is snooping your region for what functions are enabled.

This function would conceal that.
(0033621)
unregi   
2018-12-11 14:36   
What advantage does this give you against griefers?
(0033622)
BillBlight   
2018-12-11 14:39   
well, you then know who was on the region when it happened.
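
A defender-side sketch of the point made in notes 0033617, 0033620 and 0033622, added here as an example and not part of the issue thread or of OpenSim: it groups permission-denied events by script owner and flags owners whose scripts were refused several different OSSL functions within a short window, which separates enumeration from one script repeatedly failing a single dependency. The log format, the `OSSL-DENIED` marker, the owner names and the thresholds are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not OpenSim's real log
# layout); adapt LINE_RE to whatever your region actually logs.
SAMPLE_LOG = """\
2018-12-11 14:02:07 OSSL-DENIED owner=visitor_a object=probe function=osNpcRemove
2018-12-11 14:02:07 OSSL-DENIED owner=visitor_a object=probe function=osSetTerrainTexture
2018-12-11 14:02:08 OSSL-DENIED owner=visitor_a object=probe function=osConsoleCommand
2018-12-11 14:02:08 OSSL-DENIED owner=visitor_a object=probe function=osKickAvatar
2018-12-11 14:05:30 OSSL-DENIED owner=resident_b object=hud function=osGetNotecard
2018-12-11 15:40:00 OSSL-DENIED owner=resident_b object=hud function=osGetNotecard
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) OSSL-DENIED "
    r"owner=(?P<owner>\S+) object=(?P<obj>\S+) function=(?P<fn>os\w+)$"
)

def parse(log_text):
    """Yield (timestamp, owner, function) for each well-formed denial line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["owner"], m["fn"]

def find_probers(log_text, min_functions=3, window=timedelta(seconds=60)):
    """Map owner -> distinct functions denied, for owners at or over the threshold."""
    by_owner = defaultdict(list)
    for ts, owner, fn in parse(log_text):
        by_owner[owner].append((ts, fn))
    flagged = {}
    for owner, events in by_owner.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {fn for _, fn in events[start:end + 1]}
            if len(distinct) >= min_functions:
                flagged[owner] = sorted(distinct | set(flagged.get(owner, [])))
    return flagged

if __name__ == "__main__":
    for owner, fns in find_probers(SAMPLE_LOG).items():
        print(f"{owner}: denied {len(fns)} distinct functions: {', '.join(fns)}")
```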