[Opensim-dev] osNPCxxx functions vs security
Justin Clark-Casey
jjustincc at googlemail.com
Wed Jul 4 23:32:01 UTC 2012
I prefer option 3, since it would be identical to LSL functions and hence in line with user expectations. Like the LSL
delays, these would still be configurable.
Option 3 is also simpler than option 2, which starts to involve complicated record-keeping. It also doesn't prejudice
adding this in the future if it proves really necessary.
Without these limits, a large number of allowed OSSL functions could be problematic, osNpcCreate for instance. I think
the most likely scenario is badly written scripts.
On 04/07/12 19:12, Argus wrote:
> Hi.
>
> Last week a new Patch was postet by Talun in mantis (6063) with a new feature not implemented yet, osNPCToch which
> enables NPCs to trigger the touch-event in scripted object. As cool as this first sounds, there are some security issues
> which should be adressed... or not
>
> As justin pointed out, the discussion should best be made here and not on mantis. I think the goal of the discussion
> should maybe be to end with a general security guidline for future and current implementation of NPC's in lsl /ossl?
> This might also include some changes to the existing functions if a general consensus is found.
>
> Generaly NPC's and their functions need to be manualy enabled by the region owner, which limits NPC security issues to
> those regions were NPC are allowed. However, it is thinkable that griefers, neighbours or buggy scripts create security
> issues on a region which result in spam or even crash the region/sim/server.
>
> In lsl the solution is to have a forced scriptdelays in functions that could be used negativly, e.g. llInstantMessage
> with 2 seconds delay or limited amount of repeated use per minute.
>
> In the case of osNPCTouch, we have 1 NPC which can touch over 1000 objects within 1 second. In this case NPCs can be
> used to block items from beeing touched or depending on the scripts touched might even crash a region/sim/server due to
> many active scripts doing some work.
>
> So should osNPCxxx functions generaly have limits were griefing/crashes are possible and how should the limit be?
> Basicaly we have 3 option:
>
> 1) we dont implement any limitation and accept that very seldomly some griefing can happen. Worst case scenario means
> restoring some region backups after an attack...
> 2) we could limit the functions to max amount of uses per minute. This allows the normal scripts to run fast untill the
> limit is reached. The limit is high enough for the normal uses, but causes a silent failure after the limit is reached.
> 3) we could add a delay to functions. The script is always "slow" even if not beeing used for griefing.
>
> I personaly would prefer 2, limation per minute. This enables one to give certain NPC rights to trusted parcelowners
> without the fear of some dispute between parcel neighbours ending in a total server crash.
>
> regard
> Michelle
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
More information about the Opensim-dev
mailing list