Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008418opensim[REGION] Script Functionspublic2018-12-09 03:382018-12-11 14:39
Reporterunregi 
Assigned To 
PrioritynormalSeveritytweakReproducibilityalways
Statuspatch includedResolutionopen 
PlatformOSOS Version
Product Version0.9.0.1 
Target VersionFixed in Version 
Summary0008418: Implement ossl funtion to test Threat Level
DescriptionIt would be a big improvement if we would be able to check if ossl functions area allowed or not, so that we can implement some fallback or have just limited functionality if they are not allowed, instead of having the script just die with an Error message.

Attached is a patch for a Implementation of osCheckThreatLevel that returns OS_THREAT_ENABLED, OS_THREAT_DISABLED or OS_THREAD_NA (function doesn't exist or doesn't do any threat level checks)-
TagsNo tags attached.
Git Revision or version number
Run Mode Grid (1 Region per Sim)
Physics EngineBulletSim
EnvironmentMono / Linux64
Mono Version5.x
Viewer
Attached Filespatch file icon 0001-Add-osCheckThreatLevel.patch [^] (71,750 bytes) 2018-12-09 03:38 [Show Content]
? file icon dependency-test.lsl [^] (953 bytes) 2018-12-11 13:10

- Relationships

-  Notes
(0033612)
UbitUmarov (administrator)
2018-12-11 11:02

thanks
but patch on ice, for now.
(0033613)
melanie (administrator)
2018-12-11 11:45

That test would allow scripts to test which malicious behaviour they can get away with :(
(0033614)
unregi (reporter)
2018-12-11 12:13

There is a script out there that does already test which functions are available, someone posted it on IRC. It's throwing errors for every function that fails, but its still getting a list of all allowed functions back.
(0033615)
BillBlight (developer)
2018-12-11 12:15

the difference is that script takes some work to log what works and doesn't , you have to do it manually ..

this one could just IM you or store it in a note.
(0033616)
unregi (reporter)
2018-12-11 13:09

Will link one just for reference:
https://forum.hypergrid.org/opensim-scripting/script-ossl-function-check-threat-level-moderate-t2941.html [^]
This will check a whole list of function and give you a nice list of available functions back and you can do whatever you want with it :)

Also attaching a script that's making a basic dependency check if required functions are available before running it.

I am not much a fan of security through obscurity. But i get your legit concerns.
(0033617)
BillBlight (developer)
2018-12-11 13:20

That script will also throw an error to the debug window letting owner know someone tried to do it, and not silently like this function would.
(0033618)
melanie (administrator)
2018-12-11 13:54

That is because someone changed away from my original design. My original design was to hard stop the script. Make it so the user had to reset it, with all attendant loss of data gathered. Someone then later designed to make script error failures soft rather than hard. Since then, it has become exploitable.
(0033619)
unregi (reporter)
2018-12-11 14:14
edited on: 2018-12-11 14:15

@bill Yes, a function for it wouldn't make much sense otherwise, if it wouldn't make it more userfriendly ;)

The Debug window message makes the check very inconvenient for everybody who wants to use it for good stuff, because even if he prints a long message explaining why this doesn't work on Nearby Chat, the user, scared from that red written message, will ask for help and complain that the script doesn't work.

At the same time, a griefer won't care about those Debug messages, he wants to destroy things anyway.
Lets just get some esample, a griefer joins your sim with a script:
  Check if osNpcRemove is available -> if yes, remove all NPCs
  Check if osSetTerreinTexture is available -> if yes, everything rainbow colors
  Then do some basic particle and rezzer spaming and whatever griefers usually do in SL
If you have a misconfiguration and he is allowed to set Terrain Texture, how will the Debug message, that you got 0.1s ago when the script checked if its allowed to mess with NPCs, save you from getting your sim changed to rainbow land?

(0033620)
BillBlight (developer)
2018-12-11 14:16

My statement about the debug window was it alerts the sim owner and everyone on the sim that someone is snooping your region for what functions are enabled.

This function would conceal that.
(0033621)
unregi (reporter)
2018-12-11 14:36

What advantage does this give you against griefers?
(0033622)
BillBlight (developer)
2018-12-11 14:39

well, you then know who was on the region when it happened.

- Issue History
Date Modified Username Field Change
2018-12-09 03:38 unregi New Issue
2018-12-09 03:38 unregi File Added: 0001-Add-osCheckThreatLevel.patch
2018-12-09 03:40 unregi Status new => patch included
2018-12-11 11:02 UbitUmarov Note Added: 0033612
2018-12-11 11:45 melanie Note Added: 0033613
2018-12-11 12:13 unregi Note Added: 0033614
2018-12-11 12:15 BillBlight Note Added: 0033615
2018-12-11 13:09 unregi Note Added: 0033616
2018-12-11 13:10 unregi File Added: dependency-test.lsl
2018-12-11 13:20 BillBlight Note Added: 0033617
2018-12-11 13:54 melanie Note Added: 0033618
2018-12-11 14:14 unregi Note Added: 0033619
2018-12-11 14:15 unregi Note Edited: 0033619 View Revisions
2018-12-11 14:16 BillBlight Note Added: 0033620
2018-12-11 14:36 unregi Note Added: 0033621
2018-12-11 14:39 BillBlight Note Added: 0033622


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker