Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002386opensim[REGION] Scripting Enginepublic2008-10-11 03:372011-08-08 06:32
Assigned To 
PlatformOSOS Version
Product Versionmaster (dev code) 
Target VersionFixed in Version 
Summary0002386: Inworld display of runtime error messages are too chatty -> security issue
DescriptionTry this:

1) With the default setting (OpenSim.ini) for: AllowOSFunctions = false
2) try to run this sample script: [^]

You see a (cutted) stack trace output on the debug channel like this one:
Primitive: Runtime error:

Server stack trace:
   bei OpenSim.Region.ScriptEngine.Shared.Api.OSSL_Api.OSSLError(String msg) in c:\dev\opensim\trunk\OpenSim\Region\ScriptEngine\Shared\Api\Implementation\OSSL_Api.cs:Zeile 168.
   bei OpenSim.Region.ScriptEngine.Shared.Api.OSSL_Api.CheckThreatLevel(ThreatLevel level, String function) in c:\dev\opensim\trunk\OpenSim\Region\ScriptEngine\Shared\Api\Implementation\OSSL_Api.cs:Zeile 174.
   bei OpenSim.Region.ScriptEngine.Shared.Api.OSSL_Api.osDrawLine(String drawList, Int32 startX, Int32 startY, Int32 endX, Int32 endY) in c:\dev\opensim\trunk\OpenSim\Region\ScriptEngine\Shared\Api\Implementation\OSSL_Api.cs:Zeile 525.
   bei System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   bei System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr

This isn't really helpful. I would like to read something like this (in chat log as in SL):
Primitive: [script: New Script]: OSSL Runtime Error: osDrawLine: permission denied

And even more, a stack trace reveals a lot of your privacy!!
3) try a script that's in the Steps to Reproduce

4) watch the output on the debug channel and you can see the windows account name you are running your regions server with:

Primitive: Runtime error:
   bei OpenSim.Region.ScriptEngine.Shared.LSL_Types.LSLInteger.op_Division(LSLInteger i1, Int32 i2) in c:\dev\opensim\trunk\OpenSim\Region\ScriptEngine\Shared\LSL_Types.cs:Zeile 1560.

   bei SecondLife.Script.default_event_touch_start(LSLInteger num) in c:\Dokumente und Einstellungen\JOHN DOE\Lokale Einstellungen\Temp\1dqh6w_j.0.cs:Zeile 12.

I think many regions server owners are not aware of this issue, this should be fixed ASAP

Steps To Reproducedefault
        llSetText("Runtime Error",<1,0,0>,1.0);
    touch_start(integer num)
        llSay(0, "touch start");
        integer i = 1 / 0; // to raise a run-time error
TagsNo tags attached.
Git Revision or version numbermaster
Run Mode Standalone (Multiple Regions)
Physics EngineODE
Script Engine
Environment.NET / Windows32
Mono VersionNone
Attached Files

- Relationships

-  Notes
mirceakitsune (reporter)
2008-10-11 03:46

Can confirm. Not sure if it's about the same configuration exactly but I get tons of runetime error messages on my sim constantly, and surprisingly enough only because I have two scripts containing timer() events running at the same time in-world (nothing to do with OSSL events in my case so I hope this still fits here). This also happens on both DotNetEngine and xEngine surprisingly enough.
Teravus (administrator)
2008-10-11 05:31

Agreed, this is an important issue. Confirming it.
makopoppo (manager)
2011-08-08 06:32

Permission error's one is already fixed. Displaying absolute path is still an issue in OpenSim 0.7.2-dev.

- Issue History
Date Modified Username Field Change
2008-10-11 03:37 tyre New Issue
2008-10-11 03:37 tyre SVN Revision => 6786
2008-10-11 03:37 tyre Run Mode => Standalone (Multiple Regions)
2008-10-11 03:37 tyre Physics Engine => ODE
2008-10-11 03:37 tyre Environment => .NET / Windows32
2008-10-11 03:40 tyre Priority normal => high
2008-10-11 03:46 mirceakitsune Note Added: 0005896
2008-10-11 05:31 Teravus Note Added: 0005900
2008-10-11 05:31 Teravus Status new => confirmed
2010-01-07 11:03 Fly-Man- Git Revision => master
2010-01-07 11:03 Fly-Man- Mono Version => None
2010-01-07 11:03 Fly-Man- Product Version => master
2010-01-07 11:03 Fly-Man- Summary Inworld display of runtime error messages are not really helpful and too chatty -> security issue => Inworld display of runtime error messages are too chatty -> security issue
2010-01-07 11:03 Fly-Man- Description Updated
2010-01-07 11:03 Fly-Man- Steps to Reproduce Updated
2011-08-08 06:32 makopoppo Note Added: 0019437

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker