[Opensim-dev] Changing the permissions of osAvatarName2Key

Melanie melanie at t-data.com
Mon Aug 3 18:48:50 UTC 2015 

Your participating grid and region owners will just have to change
the setting. A change to the default is not an option. That would
affect unwitting OpenSim users and possibly lead to problems for
grids that they would be hard put to accurately troubleshoot.

- Melanie

On 03/08/2015 20:12, Chris Weymann wrote:
> Hello all,  
> 
> Thats right. With bad script it is posible to make a dos to a robust server.
> But this is posible with LSL funktion too. I think the functionality shold not be restricted becouse of possibly bad scripts.
> The permission system is the wrong way to protect the region or robust stability. For this needs the script engine a trigger limit for some funktions.
> My meaning is that this funktions and that everyone can use it are importand for some typs of scripts. 
> I have make this patch because i want make a vendor system who works over HG. For this is it importand what everyone can use this funktions.
> 
> @Oren
> Then it must be you can change it back to "Low". It is ok for me.
> 
> Best regards 
> Chris
> 
> -----Ursprüngliche Nachricht-----
> Von: opensim-dev-bounces at opensimulator.org [mailto:opensim-dev-bounces at opensimulator.org] Im Auftrag von Melanie
> Gesendet: Montag, 3. August 2015 17:06
> An: opensim-dev at opensimulator.org
> Betreff: Re: [Opensim-dev] Changing the permissions of osAvatarName2Key
> 
> Wrong. This function (and others classified thus) have a very real potential for DOS attacks. Calling them with a random argument will cause a request to the ROBUST services which could be inundated with 10s of thousands of requests by abusers with build/script rights.
> There is no limit or throttle on them.
> 
> - Melanie
> 
> 
> On 03/08/2015 15:50, Oren Hurvitz wrote:
>> But what do you think the threat level *should* be? I think this is a 
>> safe function that should be callable by everyone, since names and 
>> avatar UUID's are public knowledge.
>> 
>> On Mon, Aug 3, 2015 at 4:46 PM, Mister Blue 
>> <misterblue at misterblue.com>
>> wrote:
>> 
>>> Changing the ThreatLevel as opposed to changing the entry in 
>>> 'osslEnable.ini' would cause existing installation that are using 
>>> ThreatLevels as os function control to allow these functions. The 
>>> ThreatLevel change would change regions that enable os functions but 
>>> only the VeryLow functions. Are there many regions that do this?
>>>
>>> As an alternative, leave it ThreatLevel 'low' but change the entry in 
>>> osslEnable.ini  to 'true'. This would enable the function for all 
>>> while keeping the previous threat note. Region owners who are using 
>>> the ThreatLevel for control will probably think this is set at the 
>>> level they need. Those who are not using ThreatLevel (and are 
>>> probably just using the osslEnable.ini settings) wouldn't mind 
>>> changing these functions to be enabled.
>>>
>>> Also, if changing ThreatLevel is a Good Thing, consider changing 
>>> osGetGridName and osGetGridNick to VeryLow as these functions are 
>>> needed by scripts while HGing. These are already 'true' in osslEnable.ini.
>>>
>>> == mb
>>>
>>> On Mon, Aug 3, 2015 at 5:44 AM, Oren Hurvitz <orenh at kitely.com> wrote:
>>>
>>>> Currently, osAvatarName2Key has ThreatLevel "Low" and is further 
>>>> restricted to the estate manager or owner.
>>>>
>>>> A pending patch will change the permission to VeryLow, and allow the 
>>>> function to be called by anyone.
>>>>
>>>> I think that's fine: this doesn't seem like a sensitive function. Is 
>>>> there any reason not to allow this?
>>>>
>>>> And while we're at it, osKey2Name is similarly restricted, and I 
>>>> think it should similarly be allowed to be called by anyone.
>>>>
>>>> --
>>>> Oren Hurvitz
>>>> VP R&D
>>>> Kitely Ltd.
>>>>
>>>> Email: orenh at kitely.com <ilan at kitely.com>
>>>>
>>>> _______________________________________________
>>>> Opensim-dev mailing list
>>>> Opensim-dev at opensimulator.org
>>>> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at opensimulator.org
>>> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
>>>
>>>
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at opensimulator.org
>> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> 
>

More information about the Opensim-dev mailing list