From 520e6ed6f38c6432ac115b37d1fd48934319ae61 Mon Sep 17 00:00:00 2001 From: Robert Adams Date: Tue, 14 Apr 2015 06:18:25 -0700 Subject: [PATCH] Remove ossl settings in XEngine section of OpenSim.ini.example with note to where they were moved. At the moment, ossl settings are in the XEngine section although they should apply to any LSLish script engine. Moves all ossl settings to osslEnable.ini Update osslEnable.ini with more decriptive comments and set some functions to be more restrictive -- especially the functions that allow scripts to do things to other avatars and prims. --- bin/OpenSim.ini.example | 48 +------------ bin/config-include/osslEnable.ini | 109 +++++++++++++++++++----------- 2 files changed, 69 insertions(+), 88 deletions(-) diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 14d6e23068..e911516f25 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example @@ -919,53 +919,7 @@ ;; Compile debug info (line numbers) into the script assemblies ; CompileWithDebugInformation = true - ;; Allow the user of mod* functions. This allows a script to pass messages - ;; to a region module via the modSendCommand() function - ;; Default is false - ; AllowMODFunctions = false - - ;# {AllowOSFunctions} {Enabled:true} {Allow OSFunctions? (DANGEROUS!)} {true false} false - ;; Allow the use of os* functions (some are dangerous) - ; AllowOSFunctions = false - - ;# {AllowLightShareFunctions} {Enabled:false [LightShare]enable_windlight:true} {Allow LightShare functions?} {true false} false - ; Allow the use of LightShare functions. - ; The setting enable_windlight = true must also be enabled in the [LightShare] section. - ; AllowLightShareFunctions = false - - ;# {OSFunctionThreatLevel} {Enabled:true AllowOSFunctions:true} {OSFunction threat level? (DANGEROUS!)} {None VeryLow Low Moderate High VeryHigh Severe} VeryLow - ;; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe - ;; See http://opensimulator.org/wiki/Threat_level for more information on these levels. - ;; We do not recommend that use set a general level above Low unless you have a high level of trust - ;; in all the users that can run scripts in your simulator. It is safer to explicitly - ;; allow certain types of user to run higher threat level OSSL functions, as detailed later on. - OSFunctionThreatLevel = VeryLow - - ; OS Functions enable/disable - ; For each function, you can add one line, as shown - ; The default for all functions allows them if below threat level - - ; true allows the use of the function unconditionally - ; Allow_osSetRegionWaterHeight = true - - ; false disables the function completely - ; Allow_osSetRegionWaterHeight = false - - ; Comma separated list of UUIDS allows the function for that list of UUIDS - ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb - - ; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are - ; - PARCEL_GROUP_MEMBER: allow if the object group is the same group as the parcel - ; - PARCEL_OWNER: allow if the object owner is the parcel owner - ; - ESTATE_MANAGER: allow if the object owner is an estate manager - ; - ESTATE_OWNER: allow if the object owner is the estate owner - ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ... - - ; You can also use script creators as the uuid - ; Creators_osSetRegionWaterHeight = , ... - - ; If both Allow_ and Creators_ are given, effective permissions - ; are the union of the two. + ; ==== Settings for MOD and OSSL functions have been moved to the [OSSL] section ;# {EventLimit} {} {Amount of time a script can spend in an event handler} {} 30 ;; Time a script can spend in an event handler before it is interrupted diff --git a/bin/config-include/osslEnable.ini b/bin/config-include/osslEnable.ini index 988060e9da..ce0e2618e5 100755 --- a/bin/config-include/osslEnable.ini +++ b/bin/config-include/osslEnable.ini @@ -10,10 +10,25 @@ ; execute a function is based on the owner of the prim holding the script. [XEngine] - AllowModFunctions = true + ; Allow the use of os* functions (some are dangerous) AllowOSFunctions = true + + ; Allow the user of mod* functions. This allows a script to pass messages + ; to a region module via the modSendCommand() function and is used by some + ; modules to extend the scripting language. + AllowMODFunctions = true + + ; Allow the use of LightShare functions. + ; The setting enable_windlight = true must also be enabled in the [LightShare] section. AllowLightshareFunctions = true + ; Threat level to allow. One of None, VeryLow, Low, Moderate, High, VeryHigh, Severe. + ; See http://opensimulator.org/wiki/Threat_level for more information on these levels. + ; This is the default level and can be overridden with the Allow_ specifications. + ; Blanket enabling the ossl functions is dangerous and we do not recommend setting higher + ; than 'Low' unless you have a high level of trust in all the users that can run scripts + ; in your simulator. It is safer to explicitly allow certain types of user to run + ; higher threat level OSSL functions, as detailed later on. OSFunctionThreatLevel = VeryLow ; Each of the OSSL functions can be enabled or disabled individually. @@ -26,17 +41,27 @@ ; "ESTATE_OWNER" -- enable for estate owner ; "PARCEL_OWNER" -- enable for parcel owner ; "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group - ; uuid -- enable for owner of object with specified avatar ID + ; uuid -- enable for specified ID (may be avatar or group ID) + + ; The OSSL function name is prepended with "Allow_" and it checks against + ; the owners of the containing prim. There can also be entries beginning with + ; 'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is + ; checked against the creator of the script itself. ; Allowing ossl functions for anyone owning a parcel can be dangerous especially if ; a region is selling or otherwise giving away parcel ownership. By default, parcel ; ownership or group membership does not enable OSSL functions. Uncomment the ; appropriate line below to allow parcel ownership and groups to do restricted - ; OSSL functions. + ; OSSL functions. It might be better to check the list below and edit the ones + ; to enable individually. osslParcelO = "" osslParcelOG = "" ; osslParcelO = "PARCEL_OWNER," ; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER," + + ; There are a block of functions for creating and controlling NPCs. + ; These can be mis-used so limit use to those you can trust. + osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER ; ThreatLevel None Allow_osDrawEllipse = true @@ -72,21 +97,21 @@ Allow_osSetPenColor = true Allow_osSetPenSize = true Allow_osSetSunParam = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - Allow_osTeleportOwner = true + Allow_osTeleportOwner = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osWindActiveModelPluginName = true - Allow_osCheckODE = true + Allow_osCheckODE = true ; Here for completeness. This function cannot be turned off ; ThreatLevel Nuisance Allow_osSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER ; ThreatLevel VeryLow - Allow_osEjectFromGroup = true - Allow_osForceBreakAllLinks = true - Allow_osForceBreakLink = true + Allow_osEjectFromGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER + Allow_osForceBreakAllLinks = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER + Allow_osForceBreakLink = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetDrawStringSize = true Allow_osGetWindParam = true - Allow_osInviteToGroup = true + Allow_osInviteToGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osReplaceString = true Allow_osSetDynamicTextureData = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osSetDynamicTextureDataBlend = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER @@ -109,7 +134,7 @@ Allow_osLoadedCreationDate = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osLoadedCreationID = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osLoadedCreationTime = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER - Allow_osMessageObject = true + Allow_osMessageObject = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osRegexIsMatch = true ; ThreatLevel Moderate @@ -138,62 +163,64 @@ Allow_osGetAgentIP = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetLinkPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetPhysicsEngineType = true - Allow_osGetPrimitiveParams = true - Allow_osGetRegionMapTexture = ESTATE_OWNER, ESTATE_MANAGER, PARCEL_OWNER + Allow_osGetPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER + Allow_osGetRegionMapTexture = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetScriptEngineName = true Allow_osGetSimulatorVersion = true Allow_osMakeNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osMatchString = true - Allow_osNpcCreate = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcGetPos = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcGetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcLoadAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcMoveTo = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcRemove = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSay = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcShout = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcSit = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcStand = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcStopMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcTouch = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osNpcWhisper = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER + Allow_osNpcCreate = ${XEngine|osslNPC} + Allow_osNpcGetPos = ${XEngine|osslNPC} + Allow_osNpcGetRot = ${XEngine|osslNPC} + Allow_osNpcLoadAppearance = ${XEngine|osslNPC} + Allow_osNpcMoveTo = ${XEngine|osslNPC} + Allow_osNpcMoveToTarget = ${XEngine|osslNPC} + Allow_osNpcPlayAnimation = ${XEngine|osslNPC} + Allow_osNpcRemove = ${XEngine|osslNPC} + Allow_osNpcSaveAppearance = ${XEngine|osslNPC} + Allow_osNpcSay = ${XEngine|osslNPC} + Allow_osNpcSetRot = ${XEngine|osslNPC} + Allow_osNpcShout = ${XEngine|osslNPC} + Allow_osNpcSit = ${XEngine|osslNPC} + Allow_osNpcStand = ${XEngine|osslNPC} + Allow_osNpcStopAnimation = ${XEngine|osslNPC} + Allow_osNpcStopMoveToTarget = ${XEngine|osslNPC} + Allow_osNpcTouch = ${XEngine|osslNPC} + Allow_osNpcWhisper = ${XEngine|osslNPC} Allow_osOwnerSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osParcelJoin = ESTATE_OWNER, ESTATE_MANAGER + Allow_osParcelJoin = ESTATE_MANAGER,ESTATE_OWNER Allow_osParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER Allow_osRegionRestart = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetContentType = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osSetPrimitiveParams = true + Allow_osSetPrimitiveParams = false Allow_osSetProjectionParams = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER Allow_osSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER - Allow_osSetStateEvents = false + Allow_osSetStateEvents = false ; deprecated Allow_osSetTerrainHeight = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetTerrainTexture = ESTATE_MANAGER,ESTATE_OWNER Allow_osSetTerrainTextureHeight = ESTATE_MANAGER,ESTATE_OWNER ; VeryHigh - Allow_osAgentSaveAppearance = ESTATE_OWNER, ESTATE_MANAGER + Allow_osAgentSaveAppearance = ESTATE_MANAGER,ESTATE_OWNER ; Warning: The next function allows scripts to force animations on avatars without the user giving permission. ; Enabling this can allow forced animations which can trigger traumatic episodes in vulnerable populations. ; Similar things can be said for several of the 'force' functions. Enable with care and control. - Allow_osAvatarPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osAvatarStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osForceDetachFromAvatar = ESTATE_OWNER, ESTATE_MANAGER - Allow_osForceOtherSit = ESTATE_OWNER, ESTATE_MANAGER + ; Some of these were added as early functionality for NPCs. This has been replaced with the NPC functions. + Allow_osAvatarPlayAnimation = false + Allow_osAvatarStopAnimation = false + Allow_osForceDetachFromAvatar = false + Allow_osForceOtherSit = false + ; The notecard functions can cause a lot of load on the region if over used Allow_osGetNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetNotecardLine = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osGetNumberOfNotecardLines = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER - Allow_osRegionNotice = ESTATE_OWNER, ESTATE_MANAGER - Allow_osSetRot = ESTATE_OWNER, ESTATE_MANAGER + Allow_osRegionNotice = ESTATE_MANAGER,ESTATE_OWNER + Allow_osSetRot = false Allow_osSetParcelDetails = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER ; Severe Allow_osConsoleCommand = false - Allow_osForceAttachToOtherAvatarFromInventory = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER + Allow_osForceAttachToOtherAvatarFromInventory = false Allow_osGrantScriptPermissions = false Allow_osKickAvatar = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER Allow_osRevokeScriptPermissions = false