Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008482opensim[GRID] Other Servicepublic2019-02-14 17:462019-02-16 10:47
ReporterBillBlight 
Assigned To 
PrioritynormalSeveritytweakReproducibilityN/A
StatusnewResolutionopen 
PlatformOSOS Version
Product Versionmaster (dev code) 
Target Versionmaster (dev code)Fixed in Version 
Summary0008482: Remove llEmail and replace with os function that can be secured.
DescriptionUsing the current llEmail function , should the current module get fixed to work in an easier way for users, it basically turns your region into an open relay mail server since anybody with scripting rights can use ll functions.

Propose replacing it with an os ONLY function that can be secured via the osslEnable.ini
TagsNo tags attached.
Git Revision or version number
Run ModeStandalone (1 Region) , Standalone (Multiple Regions) , Grid (1 Region per Sim) , Grid (Multiple Regions per Sim)
Physics EngineBasicPhysics, ODE, BulletSim, ubODE
EnvironmentUnknown, Mono / Linux32, Mono / Linux64, Mono / Windows, Mono / OSX, .NET / Windows32, .NET / Windows64
Mono Version5.x
Viewer
Attached Files

- Relationships

-  Notes
(0034757)
paela argus (reporter)
2019-02-14 17:48

If the function is classified as severe
(0034758)
BillBlight (developer)
2019-02-14 17:51

I don't disagree with that threat level at all ..
(0034760)
kcozens (administrator)
2019-02-14 18:21

Replacing this function with something else is going to break a lot of vendor scripts that use the function to notify their owner when a sale has been made.

If a grid owner wants to ensure this function can't be used as a mail relay or to send spam the RestrictEmail setting in [LL-Functions] in the file OpenSimDefaults.ini should be set to true. If set to true the owner of the script can email themself but no one else. Based on the issue raised here perhaps the default for the setting should be true.
(0034761)
paela argus (reporter)
2019-02-14 18:22

Script or Region ?
(0034762)
paela argus (reporter)
2019-02-14 18:27

so in the name of a minority that uses this function this security must remain unchanged?
I do not see why LL function secures mail sending.
Linden lab uses functions on the server to secure not only on the software Simulator (2010) if they removed it they are really stupid (which would not surprise me at all)
(0034765)
devigor (reporter)
2019-02-14 20:22
edited on: 2019-02-14 20:27

Maybe I've missed something, but i wonder how to send email to prim or user even only from my os grid? So i don't really understand if it's possible to send to users from others grids. Only if there will be used some main (centraliazed) usersdB (like linden's one and only). Every 3rd (i think according to visiters of my grid) person uses own server standalone or Hypergrid.

And more question is how osgrid and opensim differs in its security?

P.S. About SLL - there ara OpenSSL 3.0.0-dev sources on GitHub which could be used for EMAIL module : TSL/SLL (including SSLv3) fully featured.

(0034766)
paela argus (reporter)
2019-02-14 20:28
edited on: 2019-02-14 20:36

There is no reason why from a simulator all users emails can be read or used for spamming purposes;
This is why it is important that the saved mails are not in UserAccounts.
If the mails are in UserAccounts then everyone can have access to the mail of people if they are resourceful, which for me is a huge issue of security and intrusion in the real life of people!
This option send mail a great in a grid closed like SecondLife but not in OpenSimulator for some security reason and laws European too

The new SMTP mailing standard is TLS, which remains the most secure of SSL has too much security problem.
I would say that you should use only the TLS protocol for sending mail as well with your web server (apache2 nginx etc. ..) your website certificates must be in TLS if you have one.

For the hg isnt possible to contact that user by mail if the user not give it by other way,

(0034768)
paela argus (reporter)
2019-02-14 20:46

( Warning move user mail break OfflineV2 option send mail at user offline, this way need too a important work of security )
(0034769)
devigor (reporter)
2019-02-14 21:43
edited on: 2019-02-14 21:58

well then option is to use emals inside grid. like i said for prims could use to send between each other on a distand (different regions). script porpueses. and users.
To avoid unwanted mail - add at account option to turn off receive emails from grid.

There are not much reasons to emailing between other grids anyway.

(0034770)
paela argus (reporter)
2019-02-15 03:21
edited on: 2019-02-15 03:22

You can build your e-mail send in http request which is already safer, and use a php file that will do the job of sending the mail to the person.
Its a huge job but its the safest rest of all with only 1 script on the region you can handle all your lands etc, you do not need to create a script for each field to do the management of sale of land for example.

A well-written LSL http request and a well-written php is better than the OpenSim simulator's internal Email function.
Remember to secure the ip the request http.

OpenSim Email for me is a bullshit badly written at the time, and now that make serious problem with the current laws in force in Europe.

So this function should be deleted or rewritten to respect the law or a lot of grid will one day or another have problems with Europe and a closed domain and an almond for if it can still hurt!

(0034771)
tampa (reporter)
2019-02-15 03:35

@paela argus There currently is no statute against things like sendmail and the like and forcing compliance with privacy and anti-spam laws into OpenSim opens up liability toward the project rather than leaving it at the user level. Though I agree that llEmail is about as poorly written as it gets.

llEmail is not in any more danger of creating spam than any other function and realistically creating spam through it is a lot harder than simply abusing sendmail directly. Same goes for httprequest or other external-facing functions.

Removing the function is not an option due to breaking compatibility. Why not simply add ossl-like permissions to the function without renaming it, I don't see why that would be difficult.
(0034772)
devigor (reporter)
2019-02-15 05:08

@paela argus, this is not a problem using php/mysql for it same way i sujjested above in previouse tread. For useraccounting/ sendmail. Besides i had my http servers at "LLSecondlife" which had to do job with my php web server. But it is not that everyone,every grid has to develop for its own needs. Its about OpenSim engine and its emaile module ability to make ppl happy using scripting with email thing. :-)
(0034773)
devigor (reporter)
2019-02-15 05:19

@tampa i agree with you about no real security nesserey / danger about LLEmail. More dangers from greaffing/fraud etc.. But i had no seen this at OpenSim unlike i seen at LLSL couple times. Building antifraud script or buying ready one was the option. :)
Yet again - i think llEmail module could be updated. with implemetation some near security features we derscussed here about. And adding option to not receive emails from server. That is much enough to make module good.
Abaility to send mails no to smtp server buit directly to "local mail" ingame for serndindig between users during game (not offline to Email Box RL) ..
(0034776)
paela argus (reporter)
2019-02-15 08:18

I think you are far from knowing European laws but I let OpenSim do not be my project otherwise it would not be written as well.
Yes it is also the responsibility of OpenSim too, to let the mails visible to the eyes of all is contrary to the new European law and must be corrected without waiting,
The OpenSim module for sending emails is dangerous because it opens the possibility of finding all the mails of the users of a grid which does not protect the mail accounts either by leaving them in UserAccount
(0034777)
tampa (reporter)
2019-02-15 08:29

@paela argus, I live in Europe and run a company here so trust me I have done my homework when it comes to that. OpenSim as a project is not required to add compliance for EU law, compliance lies with the user, in this case the grid or region operator. If you use a software or part of a software that is not compliant then that failure is with them not OpenSim.

While securing the system against outside attacks is a reasonable thing to implement, proper security is something the user has to ensure or not use the system. Specifically in reference to GDPR the "we need to secure all the things" mentality is blown out of proportions. In many EU countries there are already privacy laws stating how personal data is to be handled, these sometimes even exceed the EU mandate and country law comes first. Add to this that a proper privacy policy ensures the user is aware that OpenSim has security holes and them complying to the usage of OpenSim in that sense waiving the implication of the violation entirely.

It boils down to the fact that OpenSim is not required to comply with laws that have a bearing and burden on the user; the operators are responsible not the developer.
(0034778)
devigor (reporter)
2019-02-15 10:03
edited on: 2019-02-15 10:09

OK let's say directly in Europe I do not live, yet with a years of experience in programming and engineering, and I'm not a teenager :-))) , I can say that it will not be a big problem to break into the host of any server and get access to its database. But why? Speaking of mailers, take Google - I have a big pile of spam coming, but why? Yes, because I leave my data on the Internet, private and state organizations, and they are accessed by third parties for advertising or spam other things. Public network , which is OPENSIM, implies the responsibility of each player, and not the pursuit of goals to use it to harm or conquer the world. :- ) It's all offtopic at the moment. And as far as I can remember, the security of the Lindons didn't protect them at the time from hacking their servers, and stealing large amounts of Lindons. And the laws of the country can't protect you
from committing a crime, they can only describe what you can't do.

Back to llEmail - the purpose of using it for the exchange of messages within the network, and the use of offline messages. on the same example of Lindons. By using the open network, you agree That the data is known to be open and the sources are available on the Internet. Having them anyone can learn how to write code to bypass the protections that come up in it. So easier or not to play it and you will not be at risk. Either accept that llEmail is a small speck that is already a danger somehow. The topic of the protection of servers, data leakage is very large, and again offtopic here. :-) Let's get back to the module as it olasiti and that it still need. Protection is already the responsibility of the host administrator of each server.

Im sorry for tooo much offtopic text in here.

(0034779)
paela argus (reporter)
2019-02-16 08:41

@Tampa Your equals are really oversized very expensive.
I understand your name on OpenSim and maybe you are a parasite to the project!
(0034785)
BillBlight (developer)
2019-02-16 10:47

I have done the initial patches for this, and after some testing will post them here, but want to test for a while ..

Created osEmail (severe threat level) and osGetNextEmail (very high threat level) as standalone functions not needing llEmail .

Added an extra config option to completely disable llEmail.

Need to make sure they don't blow up first ...

- Issue History
Date Modified Username Field Change
2019-02-14 17:46 BillBlight New Issue
2019-02-14 17:48 paela argus Note Added: 0034757
2019-02-14 17:51 BillBlight Note Added: 0034758
2019-02-14 18:21 kcozens Note Added: 0034760
2019-02-14 18:22 paela argus Note Added: 0034761
2019-02-14 18:27 paela argus Note Added: 0034762
2019-02-14 20:22 devigor Note Added: 0034765
2019-02-14 20:27 devigor Note Edited: 0034765 View Revisions
2019-02-14 20:28 paela argus Note Added: 0034766
2019-02-14 20:29 paela argus Note Edited: 0034766 View Revisions
2019-02-14 20:31 paela argus Note Added: 0034767
2019-02-14 20:35 paela argus Note Edited: 0034766 View Revisions
2019-02-14 20:35 paela argus Note Deleted: 0034767
2019-02-14 20:35 paela argus Note Edited: 0034766 View Revisions
2019-02-14 20:36 paela argus Note Edited: 0034766 View Revisions
2019-02-14 20:46 paela argus Note Added: 0034768
2019-02-14 21:43 devigor Note Added: 0034769
2019-02-14 21:58 devigor Note Edited: 0034769 View Revisions
2019-02-15 03:21 paela argus Note Added: 0034770
2019-02-15 03:22 paela argus Note Edited: 0034770 View Revisions
2019-02-15 03:35 tampa Note Added: 0034771
2019-02-15 05:08 devigor Note Added: 0034772
2019-02-15 05:19 devigor Note Added: 0034773
2019-02-15 08:18 paela argus Note Added: 0034776
2019-02-15 08:29 tampa Note Added: 0034777
2019-02-15 10:03 devigor Note Added: 0034778
2019-02-15 10:05 devigor Note Edited: 0034778 View Revisions
2019-02-15 10:06 devigor Note Edited: 0034778 View Revisions
2019-02-15 10:09 devigor Note Edited: 0034778 View Revisions
2019-02-16 08:41 paela argus Note Added: 0034779
2019-02-16 10:47 BillBlight Note Added: 0034785


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker