git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883 question: so commands with no level check should not be enabled..?? in terms of security P.S. "Allow_osCheckODE" should be Moderate or High, this is more important than level "none" commands... core and/or scripting engine commands should be (very)high level in terms of security... ______________________________________________________________________________________ JAV-logo-met-naam <http://www.facebook.com/andre.verwijs> La Ventura (heavy metal band) Tumblr page: http://laventurafan.tumblr.com My Twitter Page: http://twitter.com/OpenSimFan My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs My Google+ page (follow me please ) André Verwijs - Google+ https://plus.google.com/111310545842863442992 _______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
_________________________________________
OpenSimFan My Opensim/Second Life Blog http://verwijs.wordpress.com (Dutch, basic hardware/software help windows, Mac, Linux) http://verwijs-pc.nl My Twitter Page: http://twitter.com/OpenSimFan My Facebook page (be my friend, please ) http://www.facebook.com/andre.verwijs My Google+ page (follow me please ) André Verwijs - Google+ |
Hi,
No.. "no level check" means just that, thread level check is skipped, either because they are just simple functions and those checks are pure waste on time and resources, or because thread level logic does not apply, or it is not configurable. This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore It makes no sense (it it ever did) to keep the rule of having a "allow_name" for ALL ossl functions, and only those, when some LSL ones should actually have it also. Detection of the physics engine (in future possible more simulator features/settings) cannot be a security issue, That must be open information, or it is useless. Ubit -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of André Verwijs Sent: Thursday, June 29, 2017 08:35 To: opensim-users opensimulator.org Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e) git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883 question: so commands with no level check should not be enabled..?? in terms of security P.S. "Allow_osCheckODE" should be Moderate or High, this is more important than level "none" commands... core and/or scripting engine commands should be (very)high level in terms of security... ______________________________________________________________________________________ JAV-logo-met-naam <http://www.facebook.com/andre.verwijs> La Ventura (heavy metal band) Tumblr page: http://laventurafan.tumblr.com My Twitter Page: http://twitter.com/OpenSimFan My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs My Google+ page (follow me please ) André Verwijs - Google+ https://plus.google.com/111310545842863442992 _______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users _______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users |
This post has NOT been accepted by the mailing list yet.
This post was updated on .
ok, Thank you... :)
_________________________________________
OpenSimFan My Opensim/Second Life Blog http://verwijs.wordpress.com (Dutch, basic hardware/software help windows, Mac, Linux) http://verwijs-pc.nl My Twitter Page: http://twitter.com/OpenSimFan My Facebook page (be my friend, please ) http://www.facebook.com/andre.verwijs My Google+ page (follow me please ) André Verwijs - Google+ |
In reply to this post by AJLDuarte
Ubit, Please learn to say "threat", not "thread" when talking about threat levels. The words have two very different meanings. :) -ste On Thu, Jun 29, 2017 at 3:38 PM, AJLDuarte <[hidden email]> wrote: Hi, -ste
_______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users |
Yes those also, thx Ubit From: [hidden email] [mailto:[hidden email]] On Behalf Of Shaun T. Erickson Ubit, Please learn to say "threat", not "thread" when talking about threat levels. The words have two very different meanings. :) -ste On Thu, Jun 29, 2017 at 3:38 PM, AJLDuarte <[hidden email]> wrote: Hi, -- -ste _______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users |
In reply to this post by Opensimfan
Well,
This conversation seems to beg for input.... HUH???? " ... This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore..." osGetAgentIP has the MOST potential to be a security issue... I mean REALLY??? you rate the possibility of someone animating your avatar without your permission as a higher threat than allowing someone with a script to do a geo-locate on a person USING an avatar??? That seems just wrong to me.... I have a long history of arguing with devs about the threat level they seem to arbitrarily decide to apply. If you are going to do something WRONG, at least do it consistently, so us mortals can use functions that are truly useful ( without having to beg each and every grid admin and convince them that Animating the NPC they allowed us to generate isn't going to allow us to track him/her down in RL ). dz P.S. I've chopped the rest of the conversation because I'm pretty sure no one REALLY want to re-read the 5 iterations of Back and Forth.. ****************************** _______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users |
Hi, Yes osGetAgentIP does not check threat level anymore It is above that, permanently restricted to users with administrator level ( ie gods) The change was taking out of threat level check the functions that don’t make much sense having it That means functions that have no security or load issues and so available if ossl api is, but also functions with other fixed checks, like this example. threat level code and tables are growing as ossl grows, with a negative impact on performance that we can avoid. Future change may be group similar functions on same “allow_name” Hope this makes it more clear. Ubit From: [hidden email] [mailto:[hidden email]] On Behalf Of dz Well, This conversation seems to beg for input.... HUH???? " ... This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore..." osGetAgentIP has the MOST potential to be a security issue... I mean REALLY??? you rate the possibility of someone animating your avatar without your permission as a higher threat than allowing someone with a script to do a geo-locate on a person USING an avatar??? That seems just wrong to me.... I have a long history of arguing with devs about the threat level they seem to arbitrarily decide to apply. If you are going to do something WRONG, at least do it consistently, so us mortals can use functions that are truly useful ( without having to beg each and every grid admin and convince them that Animating the NPC they allowed us to generate isn't going to allow us to track him/her down in RL ).
P.S. I've chopped the rest of the conversation because I'm pretty sure no one REALLY want to re-read the 5 iterations of Back and Forth..
_______________________________________________ Opensim-users mailing list [hidden email] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users |
Free forum by Nabble | Edit this page |