[Opensim-dev] Proposal: Enable ossl functions by default
Michael Emory Cerquoni
nebadon2025 at gmail.com
Fri Apr 10 14:41:13 UTC 2015
+1 from me as well
On Fri, Apr 10, 2015 at 9:32 AM, Frank Nichols <j.frank.nichols at gmail.com>
wrote:
> I am 100% in favor of this!
>
> Frank
>
> On Apr 10, 2015, at 8:40 AM, Mister Blue <misterblue at misterblue.com>
> wrote:
>
> This email is to start the discussion about enabling the 'ossl' functions
> by default.
>
> OpenSimulator has many additional LSL scripting functions[1][2]. These
> functions are never used because they are off by default. Any region
> operator can enable them but most do not. Since they are not available,
> OpenSimulator is not as cool as it could be and some necessary scripting is
> not possible[3].
>
> Why are they off by default? Two reasons: compatibility and security.
> 'Compatibility' is because some people believe that keeping LSL scripts
> compatible with SL is important. 'Security' because some of the 'ossl'
> functions are Really Dangerous and present amazing griefing opportunities.
>
> For 'compatibility' I would suggest those few region operators that care
> just turn off the 'ossl' functions[4].
>
> For 'security', I am not suggesting turning on all the 'ossl' functions
> but only enabling the safer ones in all cases and controlling access to the
> other functions.
>
> The 'ossl' functions are grouped by ThreatLevel[5] which is a rough
> estimation of how dangerous the function is. 'dangerous' is an evaluation
> of how much damage the function can do to region operation if used by naive
> or malicious scripters. Even with the threat levels, the 'ossl' functions
> can be individually enabled for everyone, parcel or estate owner or member.
>
> I propose to make the following addition to OpenSim.ini[6][7]:
> ===================BEGIN ADDITION ========================
> [XEngine]
> AllowModFunctions = true
> AllowOSFunctions = true
> AllowLightshareFunctions = true
>
> OSFunctionThreatLevel = VeryLow
>
> ; ThreatLevel None
> Allow_OsDrawEllipse = true
> Allow_OsDrawFilledPolygon = true
> Allow_OsDrawFilledRectangle = true
> Allow_OsDrawImage = true
> Allow_OsDrawLine = true
> Allow_OsDrawPolygon = true
> Allow_OsDrawRectangle = true
> Allow_OsDrawText = true
> Allow_OsGetAgents = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetAvatarList = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetCurrentSunHour = true
> Allow_OsGetHealth = true
> Allow_OsGetInventoryDesc = true
> Allow_OsGetMapTexture = true
> Allow_OsGetRezzingObject = true
> Allow_OsGetSunParam = true
> Allow_OsGetTerrainHeight = true
> Allow_OsIsUUID = true
> Allow_OsList2Double = true
> Allow_OsMax = true
> Allow_OsMin = true
> Allow_OsMovePen = true
> Allow_OsParseJSON = true
> Allow_OsParseJSONNew = true
> Allow_OsSetFontName = true
> Allow_OsSetFontSize = true
> Allow_OsSetPenCap = true
> Allow_OsSetPenColor = true
> Allow_OsSetPenSize = true
> Allow_OsSetSunParam = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsTeleportOwner = true
> Allow_OsWindActiveModelPluginName = true
>
> ; ThreatLevel Nuisance
> Allow_OsSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER
>
> ; ThreatLevel Very Low
> Allow_OsGetDrawStringSize = true
> Allow_OsGetWindParam = true
> Allow_OsReplaceString = true
> Allow_OsSetDynamicTextureData = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetDynamicTextureDataBlend = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetDynamicTextureDataBlendFace = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetDynamicTextureURL = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetDynamicTextureURLBlend = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetDynamicTextureURLBlendFace = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetParcelMediaURL = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetParcelSIPAddress = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetPrimFloatOnWater = true
> Allow_OsSetWindParam = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsTerrainFlush = ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsUnixTimeToTimestamp = true
>
> ; ThreatLevel Low
> Allow_OsAvatarName2Key = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsFormatString = true
> Allow_OsKey2Name = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsListenRegex = true
> Allow_OsLoadedCreationDate = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsLoadedCreationID = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsLoadedCreationTime = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsMessageObject = true
> Allow_OsRegexIsMatch = true
>
> ; ThreatLevel Moderate
> Allow_OsDropAttachment = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsDropAttachmentAt = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetGridCustom = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetGridGatekeeperURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetGridHomeURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetGridLoginURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetGridName = true
> Allow_OsGetGridNick = true
> Allow_OsGetNumberOfAttachments = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetRegionStats = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetSimulatorMemory = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsMessageAttachments = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetSpeed = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
>
> ; ThreatLevel High
> Allow_OsCauseDamage = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsCauseHealing = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsForceDropAttachment = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsForceDropAttachmentAt = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetAgentIP = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetLinkPrimitiveParams = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetPhysicsEngineType = true
> Allow_OsGetPrimitiveParams = true
> Allow_OsGetRegionMapTexture = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsGetScriptEngineName = true
> Allow_OsGetSimulatorVersion = true
> Allow_OsMakeNotecard = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsMatchString = true
> Allow_OsNpcCreate = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcMoveTo = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcPlayAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcRemove = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcSay = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcShout = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcSit = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcStand = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcStopAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcTouch = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsNpcWhisper = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsParcelJoin = ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsRegionRestart = ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetContentType = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetParcelDetails = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetPrimitiveParams = true
> Allow_OsSetProjectionParams = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetStateEvents = false
> Allow_OsSetTerrainHeight = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
>
> ; ThreatLevel VeryHigh
> Allow_osAvatarPlayAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osAvatarStopAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osGetNotecard = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osGetNotecardLine = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osGetNumberOfNotecardLines = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osGetRegionNotice = ESTATE_MANAGER,ESTATE_OWNER
> Allow_osSetParcelDetails = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
>
> ; ThreatLevel Severe
> Allow_osKickAvatar = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osTeleportAgent = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_osConsoleCommand = false
> ===================END ADDITION ========================
>
> Putting all this in OpenSim.ini will make clear what permissions can be
> set and what one is giving away.[8]
>
> Well, what do you all think?
>
> == mb
>
> [1] http://opensimulator.org/wiki/OSSL
> [2] http://opensimulator.org/wiki/Category:OSSL_Functions
> [3] The particular use I'm running up against is vehicle scripts needing
> to know which physics engine is being used in the region.
> [4] Region operators who want SL compatibility are most likely people who
> have built their own configuration file system anyway so they are not using
> the default OpenSimulator configuration files in any case.
> [5] http://opensimulator.org/wiki/Threat_level
> [6] the 'mod' functions are an LSL language extension system that allows
> new OpenSimulator modules to easily add functions and constants to the
> scripting language. See
> http://opensimulator.org/wiki/OSSL_Script_Library/ModInvoke. Future
> emails will expound on this feature.
> [7] one suggestion is to put this permission list in a new INI file that
> is included into OpenSim.ini rather than directly into OpenSim.ini.
> [8] If a region is selling parcels, some of the PARCEL_* permissions might
> need removing. A note to this effect could be added.
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
--
Michael Emory Cerquoni
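
An added example, not part of the thread or of OpenSimulator's own code: a small Python audit of a permission list written in the proposed format. It takes each entry's threat level from the comment header above it, tolerates the e-mail line wrapping and the "TreatLevel" spelling, and reports functions at High or above set to plain `true` as well as those granted to a PARCEL_* class (the case footnote [8] raises). The names `parse`, `open_to_everyone` and `parcel_grants` are hypothetical, and the sample is a constructed excerpt of the proposal.

```python
import re

# Threat levels in the order the proposal lists them, least to most dangerous.
LEVELS = ["None", "Nuisance", "VeryLow", "Low", "Moderate", "High", "VeryHigh", "Severe"]

# Constructed sample: entries copied from the proposal, e-mail wrapping kept.
SAMPLE = """\
> ; TreatLevel Very Low
> Allow_OsSetParcelMediaURL =
> PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> ; TreatLevel Moderate
> Allow_OsGetNumberOfAttachments
> =PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> ; TreatLevel High
> Allow_OsGetAgentIP =
> PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER
> Allow_OsSetPrimitiveParams = true
> Allow_OsRegionRestart = ESTATE_MANAGER,ESTATE_OWNER
> ; TreatLevel Severe
> Allow_osConsoleCommand = false
"""

def parse(text):
    """Map function name -> (threat level, allow value), rejoining wrapped lines."""
    entries, level, pending = {}, None, ""
    for raw in text.splitlines():
        line = re.sub(r"^\s*>\s?", "", raw).strip()      # drop e-mail quote prefix
        m = re.match(r";\s*Th?reatLevel\s+(.+)", line)   # accepts the post's "TreatLevel"
        if m:
            level = m.group(1).replace(" ", "")           # "Very Low" -> "VeryLow"
        if m or not line or line[0] in ";[":
            continue
        line, pending = pending + line, ""
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not value:
            pending = line                                # key or value is on the next line
        elif level in LEVELS and key.lower().startswith("allow_os"):
            entries[key[len("Allow_"):]] = (level, value)
    return entries

def open_to_everyone(entries, floor="High"):
    """Functions at or above `floor` whose value is plain true (no owner-class limit)."""
    return sorted(f for f, (lvl, v) in entries.items()
                  if LEVELS.index(lvl) >= LEVELS.index(floor) and v.lower() == "true")

def parcel_grants(entries):
    """Functions granted to a PARCEL_* class, the ones footnote [8] says to review."""
    return sorted(f for f, (_, v) in entries.items()
                  if any(p.strip().startswith("PARCEL_") for p in v.split(",")))
```

On the sample, `open_to_everyone(parse(SAMPLE))` returns `['OsSetPrimitiveParams']`, a High-level function that the proposal leaves enabled without an owner-class restriction.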