[Opensim-dev] Changing the permissions of osAvatarName2Key
Dahlia Trimble
dahliatrimble at gmail.com
Mon Aug 3 19:54:01 UTC 2015
Any reason these functions could not be throttled? Or are there other
implications besides the possible DOS?
On Mon, Aug 3, 2015 at 11:48 AM, Melanie <melanie at t-data.com> wrote:
> Your participating grid and region owners will just have to change
> the setting. A change to the default is not an option. That would
> affect unwitting OpenSim users and possibly lead to problems for
> grids that they would be hard put to accurately troubleshoot.
>
> - Melanie
>
> On 03/08/2015 20:12, Chris Weymann wrote:
> > Hello all,
> >
> > That's right. With a bad script it is possible to make a DoS to a
> > ROBUST server.
> > But this is possible with LSL functions too. I think the functionality
> > should not be restricted because of possibly bad scripts.
> > The permission system is the wrong way to protect the region or ROBUST
> > stability. For this the script engine needs a trigger limit for some
> > functions.
> > My opinion is that these functions, and that everyone can use them, are
> > important for some types of scripts.
> > I made this patch because I want to make a vendor system that works
> > over HG. For this it is important that everyone can use these functions.
> >
> > @Oren
> > Then it must be you can change it back to "Low". It is ok for me.
> >
> > Best regards
> > Chris
> >
> > -----Original Message-----
> > From: opensim-dev-bounces at opensimulator.org [mailto:
> > opensim-dev-bounces at opensimulator.org] On Behalf Of Melanie
> > Sent: Monday, 3 August 2015 17:06
> > To: opensim-dev at opensimulator.org
> > Subject: Re: [Opensim-dev] Changing the permissions of osAvatarName2Key
> >
> > Wrong. This function (and others classified thus) have a very real
> > potential for DOS attacks. Calling them with a random argument will cause a
> > request to the ROBUST services which could be inundated with 10s of
> > thousands of requests by abusers with build/script rights.
> > There is no limit or throttle on them.
> >
> > - Melanie
> >
> >
> > On 03/08/2015 15:50, Oren Hurvitz wrote:
> >> But what do you think the threat level *should* be? I think this is a
> >> safe function that should be callable by everyone, since names and
> >> avatar UUID's are public knowledge.
> >>
> >> On Mon, Aug 3, 2015 at 4:46 PM, Mister Blue
> >> <misterblue at misterblue.com>
> >> wrote:
> >>
> >>> Changing the ThreatLevel as opposed to changing the entry in
> >>> 'osslEnable.ini' would cause existing installations that are using
> >>> ThreatLevels as os function control to allow these functions. The
> >>> ThreatLevel change would change regions that enable os functions but
> >>> only the VeryLow functions. Are there many regions that do this?
> >>>
> >>> As an alternative, leave it ThreatLevel 'low' but change the entry in
> >>> osslEnable.ini to 'true'. This would enable the function for all
> >>> while keeping the previous threat note. Region owners who are using
> >>> the ThreatLevel for control will probably think this is set at the
> >>> level they need. Those who are not using ThreatLevel (and are
> >>> probably just using the osslEnable.ini settings) wouldn't mind
> >>> changing these functions to be enabled.
> >>>
> >>> Also, if changing ThreatLevel is a Good Thing, consider changing
> >>> osGetGridName and osGetGridNick to VeryLow as these functions are
> >>> needed by scripts while HGing. These are already 'true' in
> >>> osslEnable.ini.
> >>>
> >>> == mb
> >>>
> >>> On Mon, Aug 3, 2015 at 5:44 AM, Oren Hurvitz <orenh at kitely.com> wrote:
> >>>
> >>>> Currently, osAvatarName2Key has ThreatLevel "Low" and is further
> >>>> restricted to the estate manager or owner.
> >>>>
> >>>> A pending patch will change the permission to VeryLow, and allow the
> >>>> function to be called by anyone.
> >>>>
> >>>> I think that's fine: this doesn't seem like a sensitive function. Is
> >>>> there any reason not to allow this?
> >>>>
> >>>> And while we're at it, osKey2Name is similarly restricted, and I
> >>>> think it should similarly be allowed to be called by anyone.
> >>>>
> >>>> --
> >>>> Oren Hurvitz
> >>>> VP R&D
> >>>> Kitely Ltd.
> >>>>
> >>>> Email: orenh at kitely.com <ilan at kitely.com>
> >>>>
> >>>> _______________________________________________
> >>>> Opensim-dev mailing list
> >>>> Opensim-dev at opensimulator.org
> >>>> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
>
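The throttle asked about in this thread, sketched as an added example that is not part of the thread or of OpenSim's code: a per-owner token bucket placed in front of the lookup that would otherwise reach the ROBUST services. `LookupThrottle`, its parameters and the `backend` delegate are hypothetical names, and the delegate stands in for the remote name lookup.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical throttle, not OpenSim code: one token bucket per script owner
// (so many scripts of one abuser share a budget) plus a short negative cache.
public sealed class LookupThrottle
{
    private sealed class Bucket { public double Tokens; public DateTime Last; }
    private readonly double _burst, _perSecond;
    private readonly TimeSpan _missTtl;
    private readonly Dictionary<Guid, Bucket> _buckets = new Dictionary<Guid, Bucket>();
    private readonly Dictionary<string, DateTime> _misses = new Dictionary<string, DateTime>();
    private readonly object _lock = new object();

    public LookupThrottle(double burst, double perSecond, TimeSpan missTtl)
    { _burst = burst; _perSecond = perSecond; _missTtl = missTtl; }

    // Returns null for unknown names and for throttled calls alike; in both
    // cases the backend is not contacted again for this request.
    public Guid? Resolve(Guid scriptOwner, string name, DateTime now, Func<string, Guid?> backend)
    {
        string key = name.Trim().ToLowerInvariant();
        lock (_lock)
        {
            if (_misses.TryGetValue(key, out DateTime until) && now < until)
                return null;                      // recent miss: answer locally
            if (!_buckets.TryGetValue(scriptOwner, out Bucket b))
                _buckets[scriptOwner] = b = new Bucket { Tokens = _burst, Last = now };
            b.Tokens = Math.Min(_burst, b.Tokens + (now - b.Last).TotalSeconds * _perSecond);
            b.Last = now;
            if (b.Tokens < 1.0) return null;      // over budget: no backend request
            b.Tokens -= 1.0;
        }
        Guid? id = backend(key);
        if (id == null)                           // a real version would also evict expired entries
            lock (_lock) { _misses[key] = now + _missTtl; }
        return id;
    }
}

public static class Demo
{
    public static void Main()
    {
        var throttle = new LookupThrottle(5, 1, TimeSpan.FromMinutes(1));
        Guid owner = Guid.NewGuid();              // constructed script owner
        DateTime t0 = DateTime.UtcNow;
        int backendCalls = 0;
        for (int i = 0; i < 10000; i++)           // 10,000 random names within ten seconds
            throttle.Resolve(owner, "Random Name" + i, t0.AddMilliseconds(i), n => { backendCalls++; return null; });
        Console.WriteLine("backend requests: " + backendCalls);
    }
}
```

The negative cache only absorbs repeated misses for the same name; it is the bucket that bounds the random-argument case, because each distinct name still costs one token.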