diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 14d6e23068..e911516f25 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example @@ -919,53 +919,7 @@ ;; Compile debug info (line numbers) into the script assemblies ; CompileWithDebugInformation = true - ;; Allow the user of mod* functions. This allows a script to pass messages - ;; to a region module via the modSendCommand() function - ;; Default is false - ; AllowMODFunctions = false - - ;# {AllowOSFunctions} {Enabled:true} {Allow OSFunctions? (DANGEROUS!)} {true false} false - ;; Allow the use of os* functions (some are dangerous) - ; AllowOSFunctions = false - - ;# {AllowLightShareFunctions} {Enabled:false [LightShare]enable_windlight:true} {Allow LightShare functions?} {true false} false - ; Allow the use of LightShare functions. - ; The setting enable_windlight = true must also be enabled in the [LightShare] section. - ; AllowLightShareFunctions = false - - ;# {OSFunctionThreatLevel} {Enabled:true AllowOSFunctions:true} {OSFunction threat level? (DANGEROUS!)} {None VeryLow Low Moderate High VeryHigh Severe} VeryLow - ;; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe - ;; See http://opensimulator.org/wiki/Threat_level for more information on these levels. - ;; We do not recommend that use set a general level above Low unless you have a high level of trust - ;; in all the users that can run scripts in your simulator. It is safer to explicitly - ;; allow certain types of user to run higher threat level OSSL functions, as detailed later on. - OSFunctionThreatLevel = VeryLow - - ; OS Functions enable/disable - ; For each function, you can add one line, as shown - ; The default for all functions allows them if below threat level - - ; true allows the use of the function unconditionally - ; Allow_osSetRegionWaterHeight = true - - ; false disables the function completely - ; Allow_osSetRegionWaterHeight = false - - ; Comma separated list of UUIDS allows the function for that list of UUIDS - ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb - - ; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are - ; - PARCEL_GROUP_MEMBER: allow if the object group is the same group as the parcel - ; - PARCEL_OWNER: allow if the object owner is the parcel owner - ; - ESTATE_MANAGER: allow if the object owner is an estate manager - ; - ESTATE_OWNER: allow if the object owner is the estate owner - ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ... - - ; You can also use script creators as the uuid - ; Creators_osSetRegionWaterHeight = , ... - - ; If both Allow_ and Creators_ are given, effective permissions - ; are the union of the two. + ; ==== Settings for MOD and OSSL functions have been moved to the [OSSL] section ;# {EventLimit} {} {Amount of time a script can spend in an event handler} {} 30 ;; Time a script can spend in an event handler before it is interrupted diff --git a/bin/config-include/osslEnable.ini b/bin/config-include/osslEnable.ini index 988060e9da..ce0e2618e5 100755 --- a/bin/config-include/osslEnable.ini +++ b/bin/config-include/osslEnable.ini @@ -10,10 +10,25 @@ ; execute a function is based on the owner of the prim holding the script. [XEngine] - AllowModFunctions = true + ; Allow the use of os* functions (some are dangerous) AllowOSFunctions = true + + ; Allow the user of mod* functions. This allows a script to pass messages + ; to a region module via the modSendCommand() function and is used by some + ; modules to extend the scripting language. + AllowMODFunctions = true + + ; Allow the use of LightShare functions. + ; The setting enable_windlight = true must also be enabled in the [LightShare] section. AllowLightshareFunctions = true + ; Threat level to allow. One of None, VeryLow, Low, Moderate, High, VeryHigh, Severe. + ; See http://opensimulator.org/wiki/Threat_level for more information on these levels. + ; This is the default level and can be overridden with the Allow_ specifications. + ; Blanket enabling the ossl functions is dangerous and we do not recommend setting higher + ; than 'Low' unless you have a high level of trust in all the users that can run scripts + ; in your simulator. It is safer to explicitly allow certain types of user to run + ; higher threat level OSSL functions, as detailed later on. OSFunctionThreatLevel = VeryLow ; Each of the OSSL functions can be enabled or disabled individually. @@ -26,17 +41,27 @@ ; "ESTATE_OWNER" -- enable for estate owner ; "PARCEL_OWNER" -- enable for parcel owner ; "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group - ; uuid -- enable for owner of object with specified avatar ID + ; uuid -- enable for specified ID (may be avatar or group ID) + + ; The OSSL function name is prepended with "Allow_" and it checks against + ; the owners of the containing prim. There can also be entries beginning with + ; 'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is + ; checked against the creator of the script itself. ; Allowing ossl functions for anyone owning a parcel can be dangerous especially if ; a region is selling or otherwise giving away parcel ownership. By default, parcel ; ownership or group membership does not enable OSSL functions. Uncomment the ; appropriate line below to allow parcel ownership and groups to do restricted - ; OSSL functions. + ; OSSL functions. It might be better to check the list below and edit the ones + ; to enable individually. osslParcelO = "" osslParcelOG = "" ; osslParcelO = "PARCEL_OWNER," ; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER," + + ; There are a block of functions for creating and controlling NPCs. + ; These can be mis-used so limit use to those you can trust. + osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER ; ThreatLevel None Allow_osDrawEllipse = true @@ -72,21 +97,21 @@ Allow_osSetPenColor = true Allow_osSetPenSize = true Allow_osSetSunParam = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - Allow_osTeleportOwner = true + Allow_osTeleportOwner = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osWindActiveModelPluginName = true - Allow_osCheckODE = true + Allow_osCheckODE = true ; Here for completeness. This function cannot be turned off ; ThreatLevel Nuisance Allow_osSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER ; ThreatLevel VeryLow - Allow_osEjectFromGroup = true - Allow_osForceBreakAllLinks = true - Allow_osForceBreakLink = true + Allow_osEjectFromGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER + Allow_osForceBreakAllLinks = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER + Allow_osForceBreakLink = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetDrawStringSize = true Allow_osGetWindParam = true - Allow_osInviteToGroup = true + Allow_osInviteToGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osReplaceString = true Allow_osSetDynamicTextureData = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osSetDynamicTextureDataBlend = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER @@ -109,7 +134,7 @@ Allow_osLoadedCreationDate = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osLoadedCreationID = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osLoadedCreationTime = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - Allow_osMessageObject = true + Allow_osMessageObject = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osRegexIsMatch = true ; ThreatLevel Moderate @@ -138,62 +163,64 @@ Allow_osGetAgentIP = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetLinkPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetPhysicsEngineType = true - Allow_osGetPrimitiveParams = true - Allow_osGetRegionMapTexture = ESTATE_OWNER, ESTATE_MANAGER, PARCEL_OWNER + Allow_osGetPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER + Allow_osGetRegionMapTexture = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetScriptEngineName = true Allow_osGetSimulatorVersion = true Allow_osMakeNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osMatchString = true - Allow_osNpcCreate = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcGetPos = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcGetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcLoadAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcMoveTo = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcRemove = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSay = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcShout = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSit = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcStand = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcStopMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcTouch = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcWhisper = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER + Allow_osNpcCreate = ${XEngine|osslNPC} + Allow_osNpcGetPos = ${XEngine|osslNPC} + Allow_osNpcGetRot = ${XEngine|osslNPC} + Allow_osNpcLoadAppearance = ${XEngine|osslNPC} + Allow_osNpcMoveTo = ${XEngine|osslNPC} + Allow_osNpcMoveToTarget = ${XEngine|osslNPC} + Allow_osNpcPlayAnimation = ${XEngine|osslNPC} + Allow_osNpcRemove = ${XEngine|osslNPC} + Allow_osNpcSaveAppearance = ${XEngine|osslNPC} + Allow_osNpcSay = ${XEngine|osslNPC} + Allow_osNpcSetRot = ${XEngine|osslNPC} + Allow_osNpcShout = ${XEngine|osslNPC} + Allow_osNpcSit = ${XEngine|osslNPC} + Allow_osNpcStand = ${XEngine|osslNPC} + Allow_osNpcStopAnimation = ${XEngine|osslNPC} + Allow_osNpcStopMoveToTarget = ${XEngine|osslNPC} + Allow_osNpcTouch = ${XEngine|osslNPC} + Allow_osNpcWhisper = ${XEngine|osslNPC} Allow_osOwnerSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osParcelJoin = ESTATE_OWNER, ESTATE_MANAGER + Allow_osParcelJoin = ESTATE_MANAGER,ESTATE_OWNER Allow_osParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER Allow_osRegionRestart = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetContentType = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osSetPrimitiveParams = true + Allow_osSetPrimitiveParams = false Allow_osSetProjectionParams = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER - Allow_osSetStateEvents = false + Allow_osSetStateEvents = false ; deprecated Allow_osSetTerrainHeight = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetTerrainTexture = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetTerrainTextureHeight = ESTATE_MANAGER,ESTATE_OWNER ; VeryHigh - Allow_osAgentSaveAppearance = ESTATE_OWNER, ESTATE_MANAGER + Allow_osAgentSaveAppearance = ESTATE_MANAGER,ESTATE_OWNER ; Warning: The next function allows scripts to force animations on avatars without the user giving permission. ; Enabling this can allow forced animations which can trigger traumatic episodes in vulnerable populations. ; Similar things can be said for several of the 'force' functions. Enable with care and control. - Allow_osAvatarPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osAvatarStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osForceDetachFromAvatar = ESTATE_OWNER, ESTATE_MANAGER - Allow_osForceOtherSit = ESTATE_OWNER, ESTATE_MANAGER + ; Some of these were added as early functionality for NPCs. This has been replaced with the NPC functions. + Allow_osAvatarPlayAnimation = false + Allow_osAvatarStopAnimation = false + Allow_osForceDetachFromAvatar = false + Allow_osForceOtherSit = false + ; The notecard functions can cause a lot of load on the region if over used Allow_osGetNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetNotecardLine = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetNumberOfNotecardLines = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osRegionNotice = ESTATE_OWNER, ESTATE_MANAGER - Allow_osSetRot = ESTATE_OWNER, ESTATE_MANAGER + Allow_osRegionNotice = ESTATE_MANAGER,ESTATE_OWNER + Allow_osSetRot = false Allow_osSetParcelDetails = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER ; Severe Allow_osConsoleCommand = false - Allow_osForceAttachToOtherAvatarFromInventory = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER + Allow_osForceAttachToOtherAvatarFromInventory = false Allow_osGrantScriptPermissions = false Allow_osKickAvatar = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osRevokeScriptPermissions = false