[Opensim-dev] osNPCxxx functions vs security
Argus
argus at archimuh.de
Wed Jul 4 18:12:10 UTC 2012
Hi.
Last week a new Patch was postet by Talun in mantis (6063) with a new
feature not implemented yet, osNPCToch which enables NPCs to trigger the
touch-event in scripted object. As cool as this first sounds, there are
some security issues which should be adressed... or not
As justin pointed out, the discussion should best be made here and not
on mantis. I think the goal of the discussion should maybe be to end
with a general security guidline for future and current implementation
of NPC's in lsl /ossl? This might also include some changes to the
existing functions if a general consensus is found.
Generaly NPC's and their functions need to be manualy enabled by the
region owner, which limits NPC security issues to those regions were NPC
are allowed. However, it is thinkable that griefers, neighbours or buggy
scripts create security issues on a region which result in spam or even
crash the region/sim/server.
In lsl the solution is to have a forced scriptdelays in functions that
could be used negativly, e.g. llInstantMessage with 2 seconds delay or
limited amount of repeated use per minute.
In the case of osNPCTouch, we have 1 NPC which can touch over 1000
objects within 1 second. In this case NPCs can be used to block items
from beeing touched or depending on the scripts touched might even
crash a region/sim/server due to many active scripts doing some work.
So should osNPCxxx functions generaly have limits were griefing/crashes
are possible and how should the limit be? Basicaly we have 3 option:
1) we dont implement any limitation and accept that very seldomly some
griefing can happen. Worst case scenario means restoring some region
backups after an attack...
2) we could limit the functions to max amount of uses per minute. This
allows the normal scripts to run fast untill the limit is reached. The
limit is high enough for the normal uses, but causes a silent failure
after the limit is reached.
3) we could add a delay to functions. The script is always "slow" even
if not beeing used for griefing.
I personaly would prefer 2, limation per minute. This enables one to
give certain NPC rights to trusted parcelowners without the fear of some
dispute between parcel neighbours ending in a total server crash.
regard
Michelle
More information about the Opensim-dev
mailing list