aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorRobert Adams2015-04-14 06:18:25 -0700
committerRobert Adams2015-04-14 06:18:25 -0700
commit520e6ed6f38c6432ac115b37d1fd48934319ae61 (patch)
treec24c05a7e0f49ec5a790aa2dbd223e8edea1f114
parentAdd warnings in osslEnable.ini about use of osAvatarPlayAnimation which force... (diff)
downloadopensim-SC-520e6ed6f38c6432ac115b37d1fd48934319ae61.zip
opensim-SC-520e6ed6f38c6432ac115b37d1fd48934319ae61.tar.gz
opensim-SC-520e6ed6f38c6432ac115b37d1fd48934319ae61.tar.bz2
opensim-SC-520e6ed6f38c6432ac115b37d1fd48934319ae61.tar.xz
Remove ossl settings in XEngine section of OpenSim.ini.example with note to where
they were moved. At the moment, ossl settings are in the XEngine section although they should apply to any LSLish script engine. Moves all ossl settings to osslEnable.ini Update osslEnable.ini with more decriptive comments and set some functions to be more restrictive -- especially the functions that allow scripts to do things to other avatars and prims.
-rw-r--r--bin/OpenSim.ini.example48
-rwxr-xr-xbin/config-include/osslEnable.ini109
2 files changed, 69 insertions, 88 deletions
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 14d6e23..e911516 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -919,53 +919,7 @@
919 ;; Compile debug info (line numbers) into the script assemblies 919 ;; Compile debug info (line numbers) into the script assemblies
920 ; CompileWithDebugInformation = true 920 ; CompileWithDebugInformation = true
921 921
922 ;; Allow the user of mod* functions. This allows a script to pass messages 922 ; ==== Settings for MOD and OSSL functions have been moved to the [OSSL] section
923 ;; to a region module via the modSendCommand() function
924 ;; Default is false
925 ; AllowMODFunctions = false
926
927 ;# {AllowOSFunctions} {Enabled:true} {Allow OSFunctions? (DANGEROUS!)} {true false} false
928 ;; Allow the use of os* functions (some are dangerous)
929 ; AllowOSFunctions = false
930
931 ;# {AllowLightShareFunctions} {Enabled:false [LightShare]enable_windlight:true} {Allow LightShare functions?} {true false} false
932 ; Allow the use of LightShare functions.
933 ; The setting enable_windlight = true must also be enabled in the [LightShare] section.
934 ; AllowLightShareFunctions = false
935
936 ;# {OSFunctionThreatLevel} {Enabled:true AllowOSFunctions:true} {OSFunction threat level? (DANGEROUS!)} {None VeryLow Low Moderate High VeryHigh Severe} VeryLow
937 ;; Threat level to allow, one of None, VeryLow, Low, Moderate, High, VeryHigh, Severe
938 ;; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
939 ;; We do not recommend that use set a general level above Low unless you have a high level of trust
940 ;; in all the users that can run scripts in your simulator. It is safer to explicitly
941 ;; allow certain types of user to run higher threat level OSSL functions, as detailed later on.
942 OSFunctionThreatLevel = VeryLow
943
944 ; OS Functions enable/disable
945 ; For each function, you can add one line, as shown
946 ; The default for all functions allows them if below threat level
947
948 ; true allows the use of the function unconditionally
949 ; Allow_osSetRegionWaterHeight = true
950
951 ; false disables the function completely
952 ; Allow_osSetRegionWaterHeight = false
953
954 ; Comma separated list of UUIDS allows the function for that list of UUIDS
955 ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
956
957 ; Comma separated list of owner classes that allow the function for a particular class of owners. Choices are
958 ; - PARCEL_GROUP_MEMBER: allow if the object group is the same group as the parcel
959 ; - PARCEL_OWNER: allow if the object owner is the parcel owner
960 ; - ESTATE_MANAGER: allow if the object owner is an estate manager
961 ; - ESTATE_OWNER: allow if the object owner is the estate owner
962 ; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb, PARCEL_OWNER, ESTATE_OWNER>, ...
963
964 ; You can also use script creators as the uuid
965 ; Creators_osSetRegionWaterHeight = <uuid>, ...
966
967 ; If both Allow_ and Creators_ are given, effective permissions
968 ; are the union of the two.
969 923
970 ;# {EventLimit} {} {Amount of time a script can spend in an event handler} {} 30 924 ;# {EventLimit} {} {Amount of time a script can spend in an event handler} {} 30
971 ;; Time a script can spend in an event handler before it is interrupted 925 ;; Time a script can spend in an event handler before it is interrupted
diff --git a/bin/config-include/osslEnable.ini b/bin/config-include/osslEnable.ini
index 988060e..ce0e261 100755
--- a/bin/config-include/osslEnable.ini
+++ b/bin/config-include/osslEnable.ini
@@ -10,10 +10,25 @@
10; execute a function is based on the owner of the prim holding the script. 10; execute a function is based on the owner of the prim holding the script.
11 11
12[XEngine] 12[XEngine]
13 AllowModFunctions = true 13 ; Allow the use of os* functions (some are dangerous)
14 AllowOSFunctions = true 14 AllowOSFunctions = true
15
16 ; Allow the user of mod* functions. This allows a script to pass messages
17 ; to a region module via the modSendCommand() function and is used by some
18 ; modules to extend the scripting language.
19 AllowMODFunctions = true
20
21 ; Allow the use of LightShare functions.
22 ; The setting enable_windlight = true must also be enabled in the [LightShare] section.
15 AllowLightshareFunctions = true 23 AllowLightshareFunctions = true
16 24
25 ; Threat level to allow. One of None, VeryLow, Low, Moderate, High, VeryHigh, Severe.
26 ; See http://opensimulator.org/wiki/Threat_level for more information on these levels.
27 ; This is the default level and can be overridden with the Allow_ specifications.
28 ; Blanket enabling the ossl functions is dangerous and we do not recommend setting higher
29 ; than 'Low' unless you have a high level of trust in all the users that can run scripts
30 ; in your simulator. It is safer to explicitly allow certain types of user to run
31 ; higher threat level OSSL functions, as detailed later on.
17 OSFunctionThreatLevel = VeryLow 32 OSFunctionThreatLevel = VeryLow
18 33
19 ; Each of the OSSL functions can be enabled or disabled individually. 34 ; Each of the OSSL functions can be enabled or disabled individually.
@@ -26,17 +41,27 @@
26 ; "ESTATE_OWNER" -- enable for estate owner 41 ; "ESTATE_OWNER" -- enable for estate owner
27 ; "PARCEL_OWNER" -- enable for parcel owner 42 ; "PARCEL_OWNER" -- enable for parcel owner
28 ; "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group 43 ; "PARCEL_GROUP_MEMBER" -- enable for any member of the parcel group
29 ; uuid -- enable for owner of object with specified avatar ID 44 ; uuid -- enable for specified ID (may be avatar or group ID)
45
46 ; The OSSL function name is prepended with "Allow_" and it checks against
47 ; the owners of the containing prim. There can also be entries beginning with
48 ; 'Creators_". The 'Creators_" parameters can only be a list of UUIDs and it is
49 ; checked against the creator of the script itself.
30 50
31 ; Allowing ossl functions for anyone owning a parcel can be dangerous especially if 51 ; Allowing ossl functions for anyone owning a parcel can be dangerous especially if
32 ; a region is selling or otherwise giving away parcel ownership. By default, parcel 52 ; a region is selling or otherwise giving away parcel ownership. By default, parcel
33 ; ownership or group membership does not enable OSSL functions. Uncomment the 53 ; ownership or group membership does not enable OSSL functions. Uncomment the
34 ; appropriate line below to allow parcel ownership and groups to do restricted 54 ; appropriate line below to allow parcel ownership and groups to do restricted
35 ; OSSL functions. 55 ; OSSL functions. It might be better to check the list below and edit the ones
56 ; to enable individually.
36 osslParcelO = "" 57 osslParcelO = ""
37 osslParcelOG = "" 58 osslParcelOG = ""
38 ; osslParcelO = "PARCEL_OWNER," 59 ; osslParcelO = "PARCEL_OWNER,"
39 ; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER," 60 ; osslParcelOG = "PARCEL_GROUP_MEMBER,PARCEL_OWNER,"
61
62 ; There are a block of functions for creating and controlling NPCs.
63 ; These can be mis-used so limit use to those you can trust.
64 osslNPC = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
40 65
41 ; ThreatLevel None 66 ; ThreatLevel None
42 Allow_osDrawEllipse = true 67 Allow_osDrawEllipse = true
@@ -72,21 +97,21 @@
72 Allow_osSetPenColor = true 97 Allow_osSetPenColor = true
73 Allow_osSetPenSize = true 98 Allow_osSetPenSize = true
74 Allow_osSetSunParam = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 99 Allow_osSetSunParam = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
75 Allow_osTeleportOwner = true 100 Allow_osTeleportOwner = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
76 Allow_osWindActiveModelPluginName = true 101 Allow_osWindActiveModelPluginName = true
77 Allow_osCheckODE = true 102 Allow_osCheckODE = true ; Here for completeness. This function cannot be turned off
78 103
79 ; ThreatLevel Nuisance 104 ; ThreatLevel Nuisance
80 Allow_osSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER 105 Allow_osSetEstateSunSettings = ESTATE_MANAGER,ESTATE_OWNER
81 Allow_osSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER 106 Allow_osSetRegionSunSettings = ESTATE_MANAGER,ESTATE_OWNER
82 107
83 ; ThreatLevel VeryLow 108 ; ThreatLevel VeryLow
84 Allow_osEjectFromGroup = true 109 Allow_osEjectFromGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
85 Allow_osForceBreakAllLinks = true 110 Allow_osForceBreakAllLinks = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
86 Allow_osForceBreakLink = true 111 Allow_osForceBreakLink = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
87 Allow_osGetDrawStringSize = true 112 Allow_osGetDrawStringSize = true
88 Allow_osGetWindParam = true 113 Allow_osGetWindParam = true
89 Allow_osInviteToGroup = true 114 Allow_osInviteToGroup = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
90 Allow_osReplaceString = true 115 Allow_osReplaceString = true
91 Allow_osSetDynamicTextureData = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 116 Allow_osSetDynamicTextureData = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
92 Allow_osSetDynamicTextureDataBlend = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 117 Allow_osSetDynamicTextureDataBlend = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
@@ -109,7 +134,7 @@
109 Allow_osLoadedCreationDate = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 134 Allow_osLoadedCreationDate = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
110 Allow_osLoadedCreationID = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 135 Allow_osLoadedCreationID = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
111 Allow_osLoadedCreationTime = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 136 Allow_osLoadedCreationTime = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
112 Allow_osMessageObject = true 137 Allow_osMessageObject = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
113 Allow_osRegexIsMatch = true 138 Allow_osRegexIsMatch = true
114 139
115 ; ThreatLevel Moderate 140 ; ThreatLevel Moderate
@@ -138,62 +163,64 @@
138 Allow_osGetAgentIP = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 163 Allow_osGetAgentIP = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
139 Allow_osGetLinkPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 164 Allow_osGetLinkPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
140 Allow_osGetPhysicsEngineType = true 165 Allow_osGetPhysicsEngineType = true
141 Allow_osGetPrimitiveParams = true 166 Allow_osGetPrimitiveParams = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
142 Allow_osGetRegionMapTexture = ESTATE_OWNER, ESTATE_MANAGER, PARCEL_OWNER 167 Allow_osGetRegionMapTexture = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
143 Allow_osGetScriptEngineName = true 168 Allow_osGetScriptEngineName = true
144 Allow_osGetSimulatorVersion = true 169 Allow_osGetSimulatorVersion = true
145 Allow_osMakeNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 170 Allow_osMakeNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
146 Allow_osMatchString = true 171 Allow_osMatchString = true
147 Allow_osNpcCreate = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 172 Allow_osNpcCreate = ${XEngine|osslNPC}
148 Allow_osNpcGetPos = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 173 Allow_osNpcGetPos = ${XEngine|osslNPC}
149 Allow_osNpcGetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 174 Allow_osNpcGetRot = ${XEngine|osslNPC}
150 Allow_osNpcLoadAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 175 Allow_osNpcLoadAppearance = ${XEngine|osslNPC}
151 Allow_osNpcMoveTo = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 176 Allow_osNpcMoveTo = ${XEngine|osslNPC}
152 Allow_osNpcMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 177 Allow_osNpcMoveToTarget = ${XEngine|osslNPC}
153 Allow_osNpcPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 178 Allow_osNpcPlayAnimation = ${XEngine|osslNPC}
154 Allow_osNpcRemove = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 179 Allow_osNpcRemove = ${XEngine|osslNPC}
155 Allow_osNpcSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 180 Allow_osNpcSaveAppearance = ${XEngine|osslNPC}
156 Allow_osNpcSay = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 181 Allow_osNpcSay = ${XEngine|osslNPC}
157 Allow_osNpcSetRot = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 182 Allow_osNpcSetRot = ${XEngine|osslNPC}
158 Allow_osNpcShout = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 183 Allow_osNpcShout = ${XEngine|osslNPC}
159 Allow_osNpcSit = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 184 Allow_osNpcSit = ${XEngine|osslNPC}
160 Allow_osNpcStand = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 185 Allow_osNpcStand = ${XEngine|osslNPC}
161 Allow_osNpcStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 186 Allow_osNpcStopAnimation = ${XEngine|osslNPC}
162 Allow_osNpcStopMoveToTarget = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 187 Allow_osNpcStopMoveToTarget = ${XEngine|osslNPC}
163 Allow_osNpcTouch = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 188 Allow_osNpcTouch = ${XEngine|osslNPC}
164 Allow_osNpcWhisper = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 189 Allow_osNpcWhisper = ${XEngine|osslNPC}
165 Allow_osOwnerSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 190 Allow_osOwnerSaveAppearance = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
166 Allow_osParcelJoin = ESTATE_OWNER, ESTATE_MANAGER 191 Allow_osParcelJoin = ESTATE_MANAGER,ESTATE_OWNER
167 Allow_osParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER 192 Allow_osParcelSubdivide = ESTATE_MANAGER,ESTATE_OWNER
168 Allow_osRegionRestart = ESTATE_MANAGER,ESTATE_OWNER 193 Allow_osRegionRestart = ESTATE_MANAGER,ESTATE_OWNER
169 Allow_osSetContentType = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 194 Allow_osSetContentType = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
170 Allow_osSetPrimitiveParams = true 195 Allow_osSetPrimitiveParams = false
171 Allow_osSetProjectionParams = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER 196 Allow_osSetProjectionParams = ${XEngine|osslParcelOG}ESTATE_MANAGER,ESTATE_OWNER
172 Allow_osSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER 197 Allow_osSetRegionWaterHeight = ESTATE_MANAGER,ESTATE_OWNER
173 Allow_osSetStateEvents = false 198 Allow_osSetStateEvents = false ; deprecated
174 Allow_osSetTerrainHeight = ESTATE_MANAGER,ESTATE_OWNER 199 Allow_osSetTerrainHeight = ESTATE_MANAGER,ESTATE_OWNER
175 Allow_osSetTerrainTexture = ESTATE_MANAGER,ESTATE_OWNER 200 Allow_osSetTerrainTexture = ESTATE_MANAGER,ESTATE_OWNER
176 Allow_osSetTerrainTextureHeight = ESTATE_MANAGER,ESTATE_OWNER 201 Allow_osSetTerrainTextureHeight = ESTATE_MANAGER,ESTATE_OWNER
177 202
178 ; VeryHigh 203 ; VeryHigh
179 Allow_osAgentSaveAppearance = ESTATE_OWNER, ESTATE_MANAGER 204 Allow_osAgentSaveAppearance = ESTATE_MANAGER,ESTATE_OWNER
180 ; Warning: The next function allows scripts to force animations on avatars without the user giving permission. 205 ; Warning: The next function allows scripts to force animations on avatars without the user giving permission.
181 ; Enabling this can allow forced animations which can trigger traumatic episodes in vulnerable populations. 206 ; Enabling this can allow forced animations which can trigger traumatic episodes in vulnerable populations.
182 ; Similar things can be said for several of the 'force' functions. Enable with care and control. 207 ; Similar things can be said for several of the 'force' functions. Enable with care and control.
183 Allow_osAvatarPlayAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 208 ; Some of these were added as early functionality for NPCs. This has been replaced with the NPC functions.
184 Allow_osAvatarStopAnimation = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 209 Allow_osAvatarPlayAnimation = false
185 Allow_osForceDetachFromAvatar = ESTATE_OWNER, ESTATE_MANAGER 210 Allow_osAvatarStopAnimation = false
186 Allow_osForceOtherSit = ESTATE_OWNER, ESTATE_MANAGER 211 Allow_osForceDetachFromAvatar = false
212 Allow_osForceOtherSit = false
213 ; The notecard functions can cause a lot of load on the region if over used
187 Allow_osGetNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 214 Allow_osGetNotecard = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
188 Allow_osGetNotecardLine = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 215 Allow_osGetNotecardLine = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
189 Allow_osGetNumberOfNotecardLines = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 216 Allow_osGetNumberOfNotecardLines = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
190 Allow_osRegionNotice = ESTATE_OWNER, ESTATE_MANAGER 217 Allow_osRegionNotice = ESTATE_MANAGER,ESTATE_OWNER
191 Allow_osSetRot = ESTATE_OWNER, ESTATE_MANAGER 218 Allow_osSetRot = false
192 Allow_osSetParcelDetails = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 219 Allow_osSetParcelDetails = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
193 220
194 ; Severe 221 ; Severe
195 Allow_osConsoleCommand = false 222 Allow_osConsoleCommand = false
196 Allow_osForceAttachToOtherAvatarFromInventory = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 223 Allow_osForceAttachToOtherAvatarFromInventory = false
197 Allow_osGrantScriptPermissions = false 224 Allow_osGrantScriptPermissions = false
198 Allow_osKickAvatar = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER 225 Allow_osKickAvatar = ${XEngine|osslParcelO}ESTATE_MANAGER,ESTATE_OWNER
199 Allow_osRevokeScriptPermissions = false 226 Allow_osRevokeScriptPermissions = false