Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008007opensim[REGION] Script Functionspublic2016-08-25 11:562018-08-27 04:27
Reportergreg0254 
Assigned To 
PrioritynormalSeveritytweakReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformPCOSWindowsOS Version10
Product Versionmaster (dev code) 
Target VersionFixed in Version 
Summary0008007: Defaults in osslenable.ini are not in line with threat levels for functions-- recommended tweaks
DescriptionThere are several functions with a threat level of None or VeryLow which are currently being restricted from all besides the estate owner and estate manager. They are useful functions that I believe should be set to TRUE so they are available for anyone to use by default.

osGetAgents
osGetAvatarList
osTeleportOwner
osInviteToGroup
osSetDynamicTextureData
osSetDynamicTextureDataBlend
osSetDynamicTextureDataBlendFace
osSetDynamicTextureURL
osSetDynamicTextureURLBlend
osSetDynamicTextureURLBlendFace
osAvatarName2Key

I have scripted object on various grids that make sure of these functions, which has not been an issue in the past. However, when a grid implements a more recent version of opensim (as Virtual Highway did recently), it prevents these functions from running. (Yes, I do have a vested interest in this; however I think it's a change that will benefit everyone)
TagsNo tags attached.
Git Revision or version numberd5f376a4b10ffdb5acc17d4e350a0a523ba0e9f5
Run Mode Grid (1 Region per Sim)
Physics EngineBulletSim
Script Engine
Environment.NET / Windows32
Mono VersionNone
Viewer
Attached Files

- Relationships

-  Notes
(0031058)
Robert Adams (administrator)
2016-08-25 13:28

These are restricted because they allow griefing and region overload. Invite to group can be used to bug everyone around (fetched with osGetAvatarList). The dynamic texture functions create new assets and thus can easily overload the local cache and the grid asset server with many, many generated textures.

Thus all these fall under the category of "only to be used in scripts you trust" and not just any ol' script. That is why their default is to only allow the restricted set of users.
(0031059)
Mata Hari (reporter)
2016-08-26 06:17

In addition to that, remember that by many people do allow visitors to run scripts in their regions which means setting a low threat level for those means people can grief via HUD or worn attachment even if they don't have build rights.

One would hope that most hosting service providers would thoroughly and carefully check any changes to settings in the various ini files and adjust them according to their users' needs prior to applying an update.
(0031060)
greg0254 (reporter)
2016-08-26 10:07

Okay. In that case, the threat level for these functions should be changed to high. It makes no sense for one source to say they are not a threat, and another to say they are.
(0031061)
greg0254 (reporter)
2016-08-26 10:22

What about osTeleportOwner? I would still vote for that to remain open, since it only teleports the owner of the object, and it allows hypergrid teleports. If the concern is people receiving a HUD that unknowingly teleports them, then the function could be changed to require them to grant permissions first if the script is not owned by an estate owner or manager.
(0031062)
UbitUmarov (administrator)
2016-08-26 10:27

greg override the settings you need on opensim.ini (or better on file you include there)
this way they remain as you like.
Our defaults can change, according to our view of the best setting for the majority of users.
(0031064)
greg0254 (reporter)
2016-08-27 14:18

I will shut up about this. Of course I know I can change the settings on my own grid. I was trying to address two things. First, there is now an inconsistency between the way that threat levels are assigned to some functions and way that osslenable.ini treats the same functions. If a function is truly dangerous because of griefing potential, then you should set the threat level higher.

The second concern I had was that I do have opensim products in stores that make use of some of theses functions, and they will be rendered useless on grids that upgrade to the latest version and choose to leave the defaults as is. I understand the points that were made, and I accept the fact that this is my problem and I will deal with it as needed.
(0031065)
UbitUmarov (administrator)
2016-08-27 14:30

We will review that at some point.
The defines at OpensimDefaults.ini do override the code settings,
so sometimes its just faster changing there than on both places.
guess that's why we now have a desync and possible its time to review :)
thx for remembering this.
(0031073)
Seth Nygard (reporter)
2016-08-28 10:17

I believe all the OSSL functions and their defined threat levels should be reviewed and revised as necessary. I don't think many people understand even how a threat level has been defined. I never use the threat levels to decide a functions permission level but I know many who do.

Determine the "best" threat level to assign to a specific function is not so easy in some cases. Depending on its use and everyone's expectations opinions will vary.
(0032892)
Fly-Man- (developer)
2018-08-27 04:27

I think with the new xEngine and yEngine it's a good moment to go through all the functions and see what threat level they should get.

Grid owners can always deviate from those default settings if they want

- Issue History
Date Modified Username Field Change
2016-08-25 11:56 greg0254 New Issue
2016-08-25 13:28 Robert Adams Note Added: 0031058
2016-08-26 06:17 Mata Hari Note Added: 0031059
2016-08-26 10:07 greg0254 Note Added: 0031060
2016-08-26 10:22 greg0254 Note Added: 0031061
2016-08-26 10:27 UbitUmarov Note Added: 0031062
2016-08-27 14:18 greg0254 Note Added: 0031064
2016-08-27 14:30 UbitUmarov Note Added: 0031065
2016-08-28 10:17 Seth Nygard Note Added: 0031073
2018-08-27 04:27 Fly-Man- Note Added: 0032892
2018-08-27 04:27 Fly-Man- Status new => acknowledged


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker