[Opensim-dev] Proposal: Enable ossl functions by default
Mister Blue
misterblue at misterblue.com
Fri Apr 10 12:40:59 UTC 2015
This email is to start the discussion about enabling the 'ossl' functions
by default.
OpenSimulator has many additional LSL scripting functions[1][2]. These
functions are never used because they are off by default. Any region
operator can enable them but most do not. Since they are not available,
OpenSimulator is not as cool as it could be and some necessary scripting is
not possible[3].
Why are they off by default? Two reasons: compatibility and security.
'Compatibility' is because some people believe that keeping LSL scripts
compatible to SL is important. 'Security' because some of the 'ossl'
functions are Really Dangerous and present amazing griefing opportunities.
For 'compatibility' I would suggest those few region operators that care
just turn off the 'ossl' functions[4].
For 'security', I am not suggesting turning on all the 'ossl' functions but
only enabling the safer ones in all cases and controlling access to the
other functions.
The 'ossl' functions are grouped by ThreatLevel[5] which is a rough
estimation of how dangerous the function is. 'dangerous' is an evaluation
of how much damage the function can do to region operation if used by naive
or malicious scripters. Even with the threat levels, the 'ossl' functions
can be individually enabled for everyone, parcel or estate owner or member.
I propose to make the following addition to OpenSim.ini[6][7]:
===================BEGIN ADDITION ========================
[XEngine]
AllowModFunctions = true
AllowOSFunctions = true
AllowLightshareFunctions = true
OSFunctionThreatLevel = VeryLow
; TreatLevel None
Allow_OsDrawEllipse = true
Allow_OsDrawFilledPolygon = true
Allow_OsDrawFilledRectangle = true
Allow_OsDrawImage = true
Allow_OsDrawLine = true
Allow_OsDrawPolygon = true
Allow_OsDrawRectangle = true
Allow_OsDrawText = true
Allow_OsGetAgents =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetAvatarList =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetCurrentSunHour = true
Allow_OsGetHealth = true
Allow_OsGetInventoryDesc = true
Allow_OsGetMapTexture = true
Allow_OsGetRezzingObject = true
Allow_OsGetSunParam = true
Allow_OsGetTerrainHeight = true
Allow_OsIsUUID = true
Allow_OsList2Double = true
Allow_OsMax = true
Allow_OsMin = true
Allow_OsMovePen = true
Allow_OsParseJSON = true
Allow_OsParseJSONNew = true
Allow_OsSetFontName = true
Allow_OsSetFontSize = true
Allow_OsSetPenCap = true
Allow_OsSetPenColor = true
Allow_OsSetPenSize = true
Allow_OsSetSunParam =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsTeleportOwner = true
Allow_OsWindActiveModelPluginName = true
; TreatLevel Nuisance
Allow_OsSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER
; TreatLevel Very Low
Allow_OsGetDrawStringSize = true
Allow_OsGetWindParam = true
Allow_OsReplaceString = true
Allow_OsSetDynamicTextureData =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetDynamicTextureDataBlend =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetDynamicTextureDataBlendFace =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetDynamicTextureURL =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetDynamicTextureURLBlend =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetDynamicTextureURLBlendFace =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetParcelMediaURL =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetParcelSIPAddress =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetPrimFloatOnWater = true
Allow_OsSetWindParam =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsTerrainFlush = ESTATE_MANAGER,ESTATE_OWNER
Allow_OsUnixTimeToTimestamp = true
; TreatLevel Low
Allow_OsAvatarName2Key = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsFormatString = true
Allow_OsKey2Name = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsListenRegex = true
Allow_OsLoadedCreationDate =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsLoadedCreationID =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsLoadedCreationTime =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsMessageObject = true
Allow_OsRegexIsMatch = true
; TreatLevel Moderate
Allow_OsDropAttachment = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsDropAttachmentAt = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetGridCustom = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetGridGatekeeperURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetGridHomeURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetGridLoginURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetGridName = true
Allow_OsGetGridNick = true
Allow_OsGetNumberOfAttachments
=PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetRegionStats =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetSimulatorMemory =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsMessageAttachments =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetSpeed =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
; TreatLevel High
Allow_OsCauseDamage = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsCauseHealing = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsForceDropAttachment = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsForceDropAttachmentAt = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetAgentIP = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetLinkPrimitiveParams =PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetPhysicsEngineType = true
Allow_OsGetPrimitiveParams = true
Allow_OsGetRegionMapTexture =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsGetScriptEngineName = true
Allow_OsGetSimulatorVersion = true
Allow_OsMakeNotecard =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsMatchString = true
Allow_OsNpcCreate = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcMoveTo = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcPlayAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcRemove = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcSay = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcShout = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcSit = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcStand = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcStopAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcTouch = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsNpcWhisper = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsParcelJoin = ESTATE_MANAGER,ESTATE_OWNER
Allow_OsParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER
Allow_OsRegionRestart = ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetContentType = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetParcelDetails = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetPrimitiveParams = true
Allow_OsSetProjectionParams =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER
Allow_OsSetStateEvents = false
Allow_OsSetTerrainHeight = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
; TreatLevel VeryHigh
Allow_osAvatarPlayAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osAvatarStopAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetNotecard =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetNotecardLine =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetNumberOfNotecardLines =
PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetRegionNotice = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetParcelDetails = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
; TreatLevel Severe
Allow_osKickAvatar = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osTeleportAgent = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
Allow_osConsoleCommand = false
===================END ADDITION ========================
Putting all this in OpenSim.ini will make clear what permissions can be set
and what one is giving away.[8]
Well, what do you all think?
== mb
[1] http://opensimulator.org/wiki/OSSL
[2] http://opensimulator.org/wiki/Category:OSSL_Functions
[3] The particular use I'm running up against is vehicle scripts needing to
know which physics engine is being used in the region.
[4] Region operators who want SL compatability are most likely people who
have built their own configuration file system anyway so they are not using
the default OpenSimulator configuration files in any case.
[5] http://opensimulator.org/wiki/Threat_level
[6] the 'mod' functions are an LSL language extension system that allows
new OpenSimulator modules to easily add functions and constants to the
scripting language. See
http://opensimulator.org/wiki/OSSL_Script_Library/ModInvoke. Future emails
will expound on this feature.
[7] one suggestion is to put this permission list in a new INI file that is
included into OpenSim.ini rather than directly into OpenSim.ini.
[8] If a region is selling parcels, some of the PARCEL_* permissions might
need removing. A note to this effect could be added.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20150410/7af5ecf7/attachment.html>
More information about the Opensim-dev
mailing list