<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I am 100% in favor of this!<div class=""><br class=""></div><div class="">Frank</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 10, 2015, at 8:40 AM, Mister Blue <<a href="mailto:misterblue@misterblue.com" class="">misterblue@misterblue.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">This email is to start the discussion about enabling the 'ossl' functions by default.</div><div class=""><br class=""></div><div class="">OpenSimulator has many additional LSL scripting functions[1][2]. These functions are never used because they are off by default. Any region operator can enable them but most do not. Since they are not available, OpenSimulator is not as cool as it could be and some necessary scripting is not possible[3].</div><div class=""><br class=""></div><div class="">Why are they off by default? Two reasons: compatibility and security. 'Compatibility' is because some people believe that keeping LSL scripts compatible to SL is important. 'Security' because some of the 'ossl' functions are Really Dangerous and present amazing griefing opportunities.</div><div class=""><br class=""></div><div class="">For 'compatibility' I would suggest those few region operators that care just turn off the 'ossl' functions[4].</div><div class=""><br class=""></div><div class="">For 'security', I am not suggesting turning on all the 'ossl' functions but only enabling the safer ones in all cases and controlling access to the other functions.</div><div class=""><br class=""></div><div class="">The 'ossl' functions are grouped by ThreatLevel[5] which is a rough estimation of how dangerous the function is. 'dangerous' is an evaluation of how much damage the function can do to region operation if used by naive or malicious scripters. Even with the threat levels, the 'ossl' functions can be individually enabled for everyone, parcel or estate owner or member.</div><div class=""><br class=""></div><div class="">I propose to make the following addition to OpenSim.ini[6][7]:</div><div class="">===================BEGIN ADDITION ========================</div><div class="">[XEngine]</div><div class=""> AllowModFunctions = true</div><div class=""> AllowOSFunctions = true</div><div class=""> AllowLightshareFunctions = true</div><div class=""><br class=""></div><div class=""> OSFunctionThreatLevel = VeryLow</div><div class=""><div class=""> </div></div><div class=""><div class=""> ; TreatLevel None</div><div class=""> Allow_OsDrawEllipse = true</div><div class=""> Allow_OsDrawFilledPolygon = true</div><div class=""> Allow_OsDrawFilledRectangle = true</div><div class=""> Allow_OsDrawImage = true</div><div class=""> Allow_OsDrawLine = true</div><div class=""> Allow_OsDrawPolygon = true</div><div class=""> Allow_OsDrawRectangle = true</div><div class=""> Allow_OsDrawText = true</div><div class=""> Allow_OsGetAgents = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetAvatarList = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetCurrentSunHour = true</div><div class=""> Allow_OsGetHealth = true</div><div class=""> Allow_OsGetInventoryDesc = true</div><div class=""> Allow_OsGetMapTexture = true</div><div class=""> Allow_OsGetRezzingObject = true</div><div class=""> Allow_OsGetSunParam = true</div><div class=""> Allow_OsGetTerrainHeight = true</div><div class=""> Allow_OsIsUUID = true</div><div class=""> Allow_OsList2Double = true</div><div class=""> Allow_OsMax = true</div><div class=""> Allow_OsMin = true</div><div class=""> Allow_OsMovePen = true</div><div class=""> Allow_OsParseJSON = true</div><div class=""> Allow_OsParseJSONNew = true</div><div class=""> Allow_OsSetFontName = true</div><div class=""> Allow_OsSetFontSize = true</div><div class=""> Allow_OsSetPenCap = true</div><div class=""> Allow_OsSetPenColor = true</div><div class=""> Allow_OsSetPenSize = true</div><div class=""> Allow_OsSetSunParam = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsTeleportOwner = true</div><div class=""> Allow_OsWindActiveModelPluginName = true</div></div><div class=""><br class=""></div><div class=""> ; TreatLevel Nuisance</div><div class=""> Allow_OsSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""><br class=""></div><div class=""> ; TreatLevel Very Low</div><div class=""> Allow_OsGetDrawStringSize = true</div><div class=""> Allow_OsGetWindParam = true</div><div class=""> Allow_OsReplaceString = true</div><div class=""> Allow_OsSetDynamicTextureData = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetDynamicTextureDataBlend = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetDynamicTextureDataBlendFace = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetDynamicTextureURL = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetDynamicTextureURLBlend = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetDynamicTextureURLBlendFace = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetParcelMediaURL = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetParcelSIPAddress = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetPrimFloatOnWater = true</div><div class=""> Allow_OsSetWindParam = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsTerrainFlush = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsUnixTimeToTimestamp = true</div><div class=""><br class=""></div><div class=""> ; TreatLevel Low</div><div class=""> Allow_OsAvatarName2Key = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsFormatString = true</div><div class=""> Allow_OsKey2Name = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsListenRegex = true</div><div class=""> Allow_OsLoadedCreationDate = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsLoadedCreationID = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsLoadedCreationTime = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsMessageObject = true</div><div class=""> Allow_OsRegexIsMatch = true</div><div class=""><br class=""></div><div class=""> ; TreatLevel Moderate</div><div class=""> Allow_OsDropAttachment = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsDropAttachmentAt = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetGridCustom = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetGridGatekeeperURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetGridHomeURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetGridLoginURI = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetGridName = true</div><div class=""> Allow_OsGetGridNick = true</div><div class=""> Allow_OsGetNumberOfAttachments =PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetRegionStats = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetSimulatorMemory = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsMessageAttachments = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetSpeed = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""><br class=""></div><div class=""> ; TreatLevel High</div><div class=""> Allow_OsCauseDamage = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsCauseHealing = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsForceDropAttachment = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsForceDropAttachmentAt = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetAgentIP = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetLinkPrimitiveParams =PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetPhysicsEngineType = true</div><div class=""> Allow_OsGetPrimitiveParams = true</div><div class=""> Allow_OsGetRegionMapTexture = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsGetScriptEngineName = true</div><div class=""> Allow_OsGetSimulatorVersion = true</div><div class=""> Allow_OsMakeNotecard = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsMatchString = true</div><div class=""> Allow_OsNpcCreate = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcMoveTo = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcPlayAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcRemove = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcSay = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcShout = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcSit = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcStand = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcStopAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcTouch = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsNpcWhisper = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsParcelJoin = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsRegionRestart = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetContentType = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetParcelDetails = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetPrimitiveParams = true</div><div class=""> Allow_OsSetProjectionParams = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_OsSetStateEvents = false</div><div class=""> Allow_OsSetTerrainHeight = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""><br class=""></div><div class=""> ; TreatLevel VeryHigh</div><div class=""> Allow_osAvatarPlayAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osAvatarStopAnimation = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osGetNotecard = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osGetNotecardLine = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osGetNumberOfNotecardLines = PARCEL_GROUP_MEMBER,PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osGetRegionNotice = ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osSetParcelDetails = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""><br class=""></div><div class=""> ; TreatLevel Severe</div><div class=""> Allow_osKickAvatar = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osTeleportAgent = PARCEL_OWNER,ESTATE_MANAGER,ESTATE_OWNER</div><div class=""> Allow_osConsoleCommand = false</div><div class="">===================END ADDITION ========================</div><div class=""><br class=""></div><div class="">Putting all this in OpenSim.ini will make clear what permissions can be set and what one is giving away.[8]</div><div class=""><br class=""></div><div class="">Well, what do you all think?</div><div class=""><br class=""></div><div class="">== mb</div><div class=""><br class=""></div><div class="">[1] <a href="http://opensimulator.org/wiki/OSSL" class="">http://opensimulator.org/wiki/OSSL</a></div><div class="">[2] <a href="http://opensimulator.org/wiki/Category:OSSL_Functions" class="">http://opensimulator.org/wiki/Category:OSSL_Functions</a></div><div class="">[3] The particular use I'm running up against is vehicle scripts needing to know which physics engine is being used in the region.</div><div class="">[4] Region operators who want SL compatability are most likely people who have built their own configuration file system anyway so they are not using the default OpenSimulator configuration files in any case.</div><div class="">[5] <a href="http://opensimulator.org/wiki/Threat_level" class="">http://opensimulator.org/wiki/Threat_level</a></div><div class="">[6] the 'mod' functions are an LSL language extension system that allows new OpenSimulator modules to easily add functions and constants to the scripting language. See <a href="http://opensimulator.org/wiki/OSSL_Script_Library/ModInvoke" class="">http://opensimulator.org/wiki/OSSL_Script_Library/ModInvoke</a>. Future emails will expound on this feature.</div><div class="">[7] one suggestion is to put this permission list in a new INI file that is included into OpenSim.ini rather than directly into OpenSim.ini.</div><div class="">[8] If a region is selling parcels, some of the PARCEL_* permissions might need removing. A note to this effect could be added.</div><div class=""><br class=""></div></div>
_______________________________________________<br class="">Opensim-dev mailing list<br class=""><a href="mailto:Opensim-dev@opensimulator.org" class="">Opensim-dev@opensimulator.org</a><br class="">http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev<br class=""></div></blockquote></div><br class=""></div></body></html>