Remove ossl settings in XEngine section of OpenSim.ini.example with note to where

they were moved. At the moment, ossl settings are in the XEngine section although
  they should apply to any LSLish script engine. Moves all ossl settings to osslEnable.ini
Update osslEnable.ini with more decriptive comments and set some functions to be more
  restrictive -- especially the functions that allow scripts to do things to other
  avatars and prims.

bin/OpenSim.ini.example

@@ -919,53 +919,7 @@
     ;; Compile debug info (line numbers) into the script assemblies
     ; CompileWithDebugInformation = true
 
-    ;; Allow the user of mod* functions.  This allows a script to pass messages
+    ; ==== Settings for MOD and OSSL functions have been moved to the [OSSL] section
-    ;; to a region module via the modSendCommand() function
-    ;; Default is false
-    ; AllowMODFunctions = false
-
-    ;# {AllowOSFunctions} {Enabled:true} {Allow OSFunctions? (DANGEROUS!)} {true false} false
-    ;; Allow the use of os* functions (some are dangerous)
-    ; AllowOSFunctions = false
-
-    ;# {AllowLightShareFunctions} {Enabled:false [LightShare]enable_windlight:true} {Allow LightShare functions?} {true false} false
-    ; Allow the use of LightShare functions.
-    ; The setting enable_windlight = true must also be enabled in the [LightShare] section.
-    ; AllowLightShareFunctions = false
-
-    ;# {OSFunctionThreatLevel} {Enabled:true AllowOSFunctions:true} {OSFunction threat level? (DANGEROUS!)} {None VeryLow Low Moderate High VeryHigh Severe} VeryLow
-    ;; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe
-    ;; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
-    ;; We do not recommend that use set a general level above Low unless you have a high level of trust
-    ;; in all the users that can run scripts in your simulator.  It is safer to explicitly
-    ;; allow certain types of user to run higher threat level OSSL functions, as detailed later on.
-    OSFunctionThreatLevel = VeryLow
-
-    ; OS Functions enable/disable
-    ; For each function, you can add one line, as shown
-    ; The default for all functions allows them if below threat level
-
-    ; true allows the use of the function unconditionally
-    ; Allow_osSetRegionWaterHeight = true
-    
-    ; false disables the function completely
-    ; Allow_osSetRegionWaterHeight = false
-    
-    ; Comma separated list of UUIDS allows the function for that list of UUIDS
-    ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
-    
-    ; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
-    ; - PARCEL_GROUP_MEMBER:  allow if the object group is the same group as the parcel
-    ; - PARCEL_OWNER:         allow if the object owner is the parcel owner
-    ; - ESTATE_MANAGER:       allow if the object owner is an estate manager
-    ; - ESTATE_OWNER:         allow if the object owner is the estate owner
-    ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
-
-    ; You can also use script creators as the uuid
-    ; Creators_osSetRegionWaterHeight = <uuid>, ...
-
-    ; If both Allow_ and Creators_ are given, effective permissions
-    ; are the union of the two.
 
     ;# {EventLimit} {} {Amount of time a script can spend in an event handler} {} 30
     ;; Time a script can spend in an event handler before it is interrupted

bin/config-include/osslEnable.ini

@@ -10,10 +10,25 @@
 ;   execute a function is based on the owner of the prim holding the script.
 
 [XEngine]
-  AllowModFunctions = true
+  ; Allow the use of os* functions (some are dangerous)
   AllowOSFunctions = true
+
+  ; Allow the user of mod* functions.  This allows a script to pass messages
+  ;   to a region module via the modSendCommand() function and is used by some
+  ;   modules to extend the scripting language.
+  AllowMODFunctions = true
+
+  ; Allow the use of LightShare functions.
+  ; The setting enable_windlight = true must also be enabled in the [LightShare] section.
   AllowLightshareFunctions = true
 
+  ; Threat level to allow. One of None, VeryLow, Low, Moderate, High, VeryHigh, Severe.
+  ; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
+  ; This is the default level and can be overridden with the Allow_ specifications.
+  ; Blanket enabling the ossl functions is dangerous and we do not recommend setting higher
+  ;   than 'Low' unless you have a high level of trust in all the users that can run scripts
+  ;   in your simulator.  It is safer to explicitly allow certain types of user to run
+  ;   higher threat level OSSL functions, as detailed later on.
   OSFunctionThreatLevel = VeryLow
 
   ; Each of the OSSL functions can be enabled or disabled individually.
@@ -26,17 +41,27 @@
   ;           "ESTATE_OWNER" -- enable for estate owner
   ;           "PARCEL_OWNER" -- enable for parcel owner
   ;           "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group
-  ;           uuid -- enable for owner of object with specified avatar ID
+  ;           uuid -- enable for specified ID (may be avatar or group ID)
+
+  ; The OSSL function name is prepended with "Allow_" and it checks against
+  ;   the owners of the containing prim. There can also be entries beginning with
+  ;   'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is
+  ;   checked against the creator of the script itself.
 
   ; Allowing ossl functions for anyone owning a parcel can be dangerous especially if
   ;    a region is selling or otherwise giving away parcel ownership. By default, parcel
   ;    ownership or group membership does not enable OSSL functions. Uncomment the
   ;    appropriate line below to allow parcel ownership and groups to do restricted
-  ;    OSSL functions.
+  ;    OSSL functions. It might be better to check the list below and edit the ones
+  ;    to enable individually.
   osslParcelO = ""
   osslParcelOG = ""
   ; osslParcelO = "PARCEL_OWNER,"
   ; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER,"
+
+  ; There are a block of functions for creating and controlling NPCs.
+  ; These can be mis-used so limit use to those you can trust.
+  osslNPC =                         ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
                
   ; ThreatLevel  None
   Allow_osDrawEllipse =             true
@@ -72,21 +97,21 @@
   Allow_osSetPenColor =             true
   Allow_osSetPenSize =              true
   Allow_osSetSunParam =             ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osTeleportOwner =           true
+  Allow_osTeleportOwner =           ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osWindActiveModelPluginName = true
-  Allow_osCheckODE =                true
+  Allow_osCheckODE =                true    ; Here for completeness. This function cannot be turned off
   
   ; ThreatLevel  Nuisance
   Allow_osSetEstateSunSettings =    ESTATE_MANAGER,ESTATE_OWNER
   Allow_osSetRegionSunSettings =    ESTATE_MANAGER,ESTATE_OWNER
   
   ; ThreatLevel  VeryLow
-  Allow_osEjectFromGroup =          true
+  Allow_osEjectFromGroup =          ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osForceBreakAllLinks =      true
+  Allow_osForceBreakAllLinks =      ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osForceBreakLink =          true
+  Allow_osForceBreakLink =          ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osGetDrawStringSize =       true
   Allow_osGetWindParam =            true
-  Allow_osInviteToGroup =           true
+  Allow_osInviteToGroup =           ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osReplaceString =           true
   Allow_osSetDynamicTextureData =       ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osSetDynamicTextureDataBlend =  ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
@@ -109,7 +134,7 @@
   Allow_osLoadedCreationDate =      ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osLoadedCreationID =        ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osLoadedCreationTime =      ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osMessageObject =           true
+  Allow_osMessageObject =           ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osRegexIsMatch =            true
   
   ; ThreatLevel  Moderate
@@ -138,62 +163,64 @@
   Allow_osGetAgentIP =              ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osGetLinkPrimitiveParams =  ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osGetPhysicsEngineType =    true
-  Allow_osGetPrimitiveParams =      true
+  Allow_osGetPrimitiveParams =      ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osGetRegionMapTexture =     ESTATE_OWNER, ESTATE_MANAGER, PARCEL_OWNER
+  Allow_osGetRegionMapTexture =     ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osGetScriptEngineName =     true
   Allow_osGetSimulatorVersion =     true
   Allow_osMakeNotecard =            ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osMatchString =             true
-  Allow_osNpcCreate =               ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcCreate =               ${XEngine|osslNPC}
-  Allow_osNpcGetPos =               ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcGetPos =               ${XEngine|osslNPC}
-  Allow_osNpcGetRot =               ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcGetRot =               ${XEngine|osslNPC}
-  Allow_osNpcLoadAppearance =       ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcLoadAppearance =       ${XEngine|osslNPC}
-  Allow_osNpcMoveTo =               ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcMoveTo =               ${XEngine|osslNPC}
-  Allow_osNpcMoveToTarget =         ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcMoveToTarget =         ${XEngine|osslNPC}
-  Allow_osNpcPlayAnimation =        ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcPlayAnimation =        ${XEngine|osslNPC}
-  Allow_osNpcRemove =               ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcRemove =               ${XEngine|osslNPC}
-  Allow_osNpcSaveAppearance =       ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcSaveAppearance =       ${XEngine|osslNPC}
-  Allow_osNpcSay =                  ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcSay =                  ${XEngine|osslNPC}
-  Allow_osNpcSetRot =               ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcSetRot =               ${XEngine|osslNPC}
-  Allow_osNpcShout =                ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcShout =                ${XEngine|osslNPC}
-  Allow_osNpcSit =                  ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcSit =                  ${XEngine|osslNPC}
-  Allow_osNpcStand =                ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcStand =                ${XEngine|osslNPC}
-  Allow_osNpcStopAnimation =        ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcStopAnimation =        ${XEngine|osslNPC}
-  Allow_osNpcStopMoveToTarget =     ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcStopMoveToTarget =     ${XEngine|osslNPC}
-  Allow_osNpcTouch =                ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcTouch =                ${XEngine|osslNPC}
-  Allow_osNpcWhisper =              ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osNpcWhisper =              ${XEngine|osslNPC}
   Allow_osOwnerSaveAppearance =     ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osParcelJoin =              ESTATE_OWNER, ESTATE_MANAGER
+  Allow_osParcelJoin =              ESTATE_MANAGER,ESTATE_OWNER
   Allow_osParcelSubdivide =         ESTATE_MANAGER,ESTATE_OWNER
   Allow_osRegionRestart =           ESTATE_MANAGER,ESTATE_OWNER
   Allow_osSetContentType =          ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osSetPrimitiveParams =      true
+  Allow_osSetPrimitiveParams =      false
   Allow_osSetProjectionParams =     ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osSetRegionWaterHeight =    ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osSetStateEvents =          false
+  Allow_osSetStateEvents =          false   ; deprecated
   Allow_osSetTerrainHeight =        ESTATE_MANAGER,ESTATE_OWNER
   Allow_osSetTerrainTexture =       ESTATE_MANAGER,ESTATE_OWNER
   Allow_osSetTerrainTextureHeight = ESTATE_MANAGER,ESTATE_OWNER
   
   ; VeryHigh
-  Allow_osAgentSaveAppearance =     ESTATE_OWNER, ESTATE_MANAGER
+  Allow_osAgentSaveAppearance =     ESTATE_MANAGER,ESTATE_OWNER
   ; Warning: The next function allows scripts to force animations on avatars without the user giving permission.
   ;   Enabling this can allow forced animations which can trigger traumatic episodes in vulnerable populations.
   ;   Similar things can be said for several of the 'force' functions. Enable with care and control.
-  Allow_osAvatarPlayAnimation =     ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  ; Some of these were added as early functionality for NPCs. This has been replaced with the NPC functions.
-  Allow_osAvatarStopAnimation =     ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osAvatarPlayAnimation =     false
-  Allow_osForceDetachFromAvatar =   ESTATE_OWNER, ESTATE_MANAGER
+  Allow_osAvatarStopAnimation =     false
-  Allow_osForceOtherSit =           ESTATE_OWNER, ESTATE_MANAGER
+  Allow_osForceDetachFromAvatar =   false
+  Allow_osForceOtherSit =           false
+  ; The notecard functions can cause a lot of load on the region if over used
   Allow_osGetNotecard =             ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osGetNotecardLine =         ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osGetNumberOfNotecardLines = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osRegionNotice =            ESTATE_OWNER, ESTATE_MANAGER
+  Allow_osRegionNotice =            ESTATE_MANAGER,ESTATE_OWNER
-  Allow_osSetRot  =                 ESTATE_OWNER, ESTATE_MANAGER
+  Allow_osSetRot  =                 false
   Allow_osSetParcelDetails =        ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   
   ; Severe
   Allow_osConsoleCommand =          false
-  Allow_osForceAttachToOtherAvatarFromInventory = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
+  Allow_osForceAttachToOtherAvatarFromInventory = false
   Allow_osGrantScriptPermissions =  false
   Allow_osKickAvatar =              ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
   Allow_osRevokeScriptPermissions = false