Remove ossl settings in XEngine section of OpenSim.ini.example with note to where

they were moved. At the moment, ossl settings are in the XEngine section although
  they should apply to any LSLish script engine. Moves all ossl settings to osslEnable.ini
Update osslEnable.ini with more descriptive comments and set some functions to be more
  restrictive -- especially the functions that allow scripts to do things to other
  avatars and prims.
inv-download
Robert Adams 2015-04-14 06:18:25 -07:00
parent d96d31be45
commit 520e6ed6f3
2 changed files with 69 additions and 88 deletions


@ -919,53 +919,7 @@
;; Compile debug info (line numbers) into the script assemblies
; CompileWithDebugInformation = true
;; Allow the user of mod* functions. This allows a script to pass messages
;; to a region module via the modSendCommand() function
;; Default is false
; AllowMODFunctions = false
;# {AllowOSFunctions} {Enabled:true} {Allow OSFunctions? (DANGEROUS!)} {true false} false
;; Allow the use of os* functions (some are dangerous)
; AllowOSFunctions = false
;# {AllowLightShareFunctions} {Enabled:false [LightShare]enable_windlight:true} {Allow LightShare functions?} {true false} false
; Allow the use of LightShare functions.
; The setting enable_windlight = true must also be enabled in the [LightShare] section.
; AllowLightShareFunctions = false
;# {OSFunctionThreatLevel} {Enabled:true AllowOSFunctions:true} {OSFunction threat level? (DANGEROUS!)} {None VeryLow Low Moderate High VeryHigh Severe} VeryLow
;; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe
;; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
;; We do not recommend that use set a general level above Low unless you have a high level of trust
;; in all the users that can run scripts in your simulator. It is safer to explicitly
;; allow certain types of user to run higher threat level OSSL functions, as detailed later on.
OSFunctionThreatLevel = VeryLow
; OS Functions enable/disable
; For each function, you can add one line, as shown
; The default for all functions allows them if below threat level
; true allows the use of the function unconditionally
; Allow_osSetRegionWaterHeight = true
; false disables the function completely
; Allow_osSetRegionWaterHeight = false
; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
; - PARCEL_GROUP_MEMBER: allow if the object group is the same group as the parcel
; - PARCEL_OWNER: allow if the object owner is the parcel owner
; - ESTATE_MANAGER: allow if the object owner is an estate manager
; - ESTATE_OWNER: allow if the object owner is the estate owner
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ...
; If both Allow_ and Creators_ are given, effective permissions
; are the union of the two.
; ==== Settings for MOD and OSSL functions have been moved to the [OSSL] section
;# {EventLimit} {} {Amount of time a script can spend in an event handler} {} 30
;; Time a script can spend in an event handler before it is interrupted
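Review bot: The replacement note `; ==== Settings for MOD and OSSL functions have been moved to the [OSSL] section` names a section that does not appear in the osslEnable.ini hunks of this commit, where the settings sit under `[XEngine]` and the interpolations read `${XEngine|...}`. An operator following the note would look for `[OSSL]`, find nothing, and might re-add the keys in a section the script engine may not read. I would write it as `; ==== Settings for MOD and OSSL functions have been moved to the [XEngine] section of osslEnable.ini`. The uncommented `OSFunctionThreatLevel = VeryLow` also disappears from this file, so it would help to say in the same note which threat level applies when osslEnable.ini is not included; that default is not visible in this hunk.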


@ -10,10 +10,25 @@
; execute a function is based on the owner of the prim holding the script.
[XEngine]
AllowModFunctions = true
; Allow the use of os* functions (some are dangerous)
AllowOSFunctions = true
; Allow the user of mod* functions. This allows a script to pass messages
; to a region module via the modSendCommand() function and is used by some
; modules to extend the scripting language.
AllowMODFunctions = true
; Allow the use of LightShare functions.
; The setting enable_windlight = true must also be enabled in the [LightShare] section.
AllowLightshareFunctions = true
; Threat level to allow. One of None, VeryLow, Low, Moderate, High, VeryHigh, Severe.
; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
; This is the default level and can be overridden with the Allow_ specifications.
; Blanket enabling the ossl functions is dangerous and we do not recommend setting higher
; than 'Low' unless you have a high level of trust in all the users that can run scripts
; in your simulator. It is safer to explicitly allow certain types of user to run
; higher threat level OSSL functions, as detailed later on.
OSFunctionThreatLevel = VeryLow
; Each of the OSSL functions can be enabled or disabled individually.
@ -26,18 +41,28 @@
; "ESTATE_OWNER" -- enable for estate owner
; "PARCEL_OWNER" -- enable for parcel owner
; "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group
; uuid -- enable for owner of object with specified avatar ID
; uuid -- enable for specified ID (may be avatar or group ID)
; The OSSL function name is prepended with "Allow_" and it checks against
; the owners of the containing prim. There can also be entries beginning with
; 'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is
; checked against the creator of the script itself.
; Allowing ossl functions for anyone owning a parcel can be dangerous especially if
; a region is selling or otherwise giving away parcel ownership. By default, parcel
; ownership or group membership does not enable OSSL functions. Uncomment the
; appropriate line below to allow parcel ownership and groups to do restricted
; OSSL functions.
; OSSL functions. It might be better to check the list below and edit the ones
; to enable individually.
osslParcelO = ""
osslParcelOG = ""
; osslParcelO = "PARCEL_OWNER,"
; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER,"
; There are a block of functions for creating and controlling NPCs.
; These can be mis-used so limit use to those you can trust.
osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
; ThreatLevel None
Allow_osDrawEllipse = true
Allow_osDrawFilledPolygon = true
@ -72,21 +97,21 @@
Allow_osSetPenColor = true
Allow_osSetPenSize = true
Allow_osSetSunParam = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osTeleportOwner = true
Allow_osTeleportOwner = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osWindActiveModelPluginName = true
Allow_osCheckODE = true
Allow_osCheckODE = true ; Here for completeness. This function cannot be turned off
; ThreatLevel Nuisance
Allow_osSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER
; ThreatLevel VeryLow
Allow_osEjectFromGroup = true
Allow_osForceBreakAllLinks = true
Allow_osForceBreakLink = true
Allow_osEjectFromGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osForceBreakAllLinks = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osForceBreakLink = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetDrawStringSize = true
Allow_osGetWindParam = true
Allow_osInviteToGroup = true
Allow_osInviteToGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osReplaceString = true
Allow_osSetDynamicTextureData = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetDynamicTextureDataBlend = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
@ -109,7 +134,7 @@
Allow_osLoadedCreationDate = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osLoadedCreationID = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osLoadedCreationTime = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osMessageObject = true
Allow_osMessageObject = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osRegexIsMatch = true
; ThreatLevel Moderate
@ -138,62 +163,64 @@
Allow_osGetAgentIP = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetLinkPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetPhysicsEngineType = true
Allow_osGetPrimitiveParams = true
Allow_osGetRegionMapTexture = ESTATE_OWNER, ESTATE_MANAGER, PARCEL_OWNER
Allow_osGetPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetRegionMapTexture = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetScriptEngineName = true
Allow_osGetSimulatorVersion = true
Allow_osMakeNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osMatchString = true
Allow_osNpcCreate = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcGetPos = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcGetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcLoadAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcMoveTo = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcRemove = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcSay = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcSetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcShout = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcSit = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcStand = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcStopMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcTouch = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcWhisper = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osNpcCreate = ${XEngine|osslNPC}
Allow_osNpcGetPos = ${XEngine|osslNPC}
Allow_osNpcGetRot = ${XEngine|osslNPC}
Allow_osNpcLoadAppearance = ${XEngine|osslNPC}
Allow_osNpcMoveTo = ${XEngine|osslNPC}
Allow_osNpcMoveToTarget = ${XEngine|osslNPC}
Allow_osNpcPlayAnimation = ${XEngine|osslNPC}
Allow_osNpcRemove = ${XEngine|osslNPC}
Allow_osNpcSaveAppearance = ${XEngine|osslNPC}
Allow_osNpcSay = ${XEngine|osslNPC}
Allow_osNpcSetRot = ${XEngine|osslNPC}
Allow_osNpcShout = ${XEngine|osslNPC}
Allow_osNpcSit = ${XEngine|osslNPC}
Allow_osNpcStand = ${XEngine|osslNPC}
Allow_osNpcStopAnimation = ${XEngine|osslNPC}
Allow_osNpcStopMoveToTarget = ${XEngine|osslNPC}
Allow_osNpcTouch = ${XEngine|osslNPC}
Allow_osNpcWhisper = ${XEngine|osslNPC}
Allow_osOwnerSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osParcelJoin = ESTATE_OWNER, ESTATE_MANAGER
Allow_osParcelJoin = ESTATE_MANAGER,ESTATE_OWNER
Allow_osParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER
Allow_osRegionRestart = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetContentType = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetPrimitiveParams = true
Allow_osSetPrimitiveParams = false
Allow_osSetProjectionParams = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetStateEvents = false
Allow_osSetStateEvents = false ; deprecated
Allow_osSetTerrainHeight = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetTerrainTexture = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetTerrainTextureHeight = ESTATE_MANAGER,ESTATE_OWNER
; VeryHigh
Allow_osAgentSaveAppearance = ESTATE_OWNER, ESTATE_MANAGER
Allow_osAgentSaveAppearance = ESTATE_MANAGER,ESTATE_OWNER
; Warning: The next function allows scripts to force animations on avatars without the user giving permission.
; Enabling this can allow forced animations which can trigger traumatic episodes in vulnerable populations.
; Similar things can be said for several of the 'force' functions. Enable with care and control.
Allow_osAvatarPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osAvatarStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osForceDetachFromAvatar = ESTATE_OWNER, ESTATE_MANAGER
Allow_osForceOtherSit = ESTATE_OWNER, ESTATE_MANAGER
; Some of these were added as early functionality for NPCs. This has been replaced with the NPC functions.
Allow_osAvatarPlayAnimation = false
Allow_osAvatarStopAnimation = false
Allow_osForceDetachFromAvatar = false
Allow_osForceOtherSit = false
; The notecard functions can cause a lot of load on the region if over used
Allow_osGetNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetNotecardLine = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osGetNumberOfNotecardLines = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osRegionNotice = ESTATE_OWNER, ESTATE_MANAGER
Allow_osSetRot = ESTATE_OWNER, ESTATE_MANAGER
Allow_osRegionNotice = ESTATE_MANAGER,ESTATE_OWNER
Allow_osSetRot = false
Allow_osSetParcelDetails = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
; Severe
Allow_osConsoleCommand = false
Allow_osForceAttachToOtherAvatarFromInventory = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osForceAttachToOtherAvatarFromInventory = false
Allow_osGrantScriptPermissions = false
Allow_osKickAvatar = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
Allow_osRevokeScriptPermissions = false
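Review bot: `osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER` can widen access to the NPC functions, because the replaced `Allow_osNpc*` lines were all built on `osslParcelO`. Once an operator uncomments `osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER,"`, every member of the parcel group may create and drive NPCs, which the old lines never granted. That runs against the comment directly above the definition ("limit use to those you can trust") and the commit's stated aim of being more restrictive. I would define it as `osslNPC = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER`, or drop the parcel classes from it entirely. Separately, the trailing comments on `Allow_osCheckODE = true ; Here for completeness. ...` and `Allow_osSetStateEvents = false ; deprecated` are safe only if the ini reader strips text after `;`, so a comment line above each key would not depend on that.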