latest osslEnable.ini - (git master: 6bac44e)

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

latest osslEnable.ini - (git master: 6bac44e)

Opensimfan

git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of
security

P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important
than level "none" commands...
core and/or scripting engine commands should be (very)high level in
terms of security...



______________________________________________________________________________________

JAV-logo-met-naam
<http://www.facebook.com/andre.verwijs>

La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) )
http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
_________________________________________
OpenSimFan

My Opensim/Second Life Blog
http://verwijs.wordpress.com

(Dutch, basic hardware/software help windows, Mac, Linux)
http://verwijs-pc.nl

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (be my friend, please )
http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: latest osslEnable.ini - (git master: 6bac44e)

AJLDuarte
Hi,
        No.. "no level check" means just that, thread level check is skipped, either because they are just simple functions and those checks are pure waste on time and resources, or because thread level logic does not apply, or it is not configurable.

        This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore

        It makes no sense (it it ever did) to keep the rule of having a "allow_name" for ALL ossl functions, and only those, when some LSL ones should actually have it also.


Detection of the physics engine (in future possible more simulator features/settings) cannot be a security issue, That must be open information, or it is useless.

Ubit





-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of André Verwijs
Sent: Thursday, June 29, 2017 08:35
To: opensim-users opensimulator.org
Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)


git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of security

P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important than level "none" commands...
core and/or scripting engine commands should be (very)high level in terms of security...



______________________________________________________________________________________

JAV-logo-met-naam
<http://www.facebook.com/andre.verwijs>

La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: latest osslEnable.ini - (git master: 6bac44e)

Opensimfan
This post has NOT been accepted by the mailing list yet.
This post was updated on .
ok, Thank you... :)
_________________________________________
OpenSimFan

My Opensim/Second Life Blog
http://verwijs.wordpress.com

(Dutch, basic hardware/software help windows, Mac, Linux)
http://verwijs-pc.nl

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (be my friend, please )
http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: latest osslEnable.ini - (git master: 6bac44e)

Shaun T. Erickson-2
In reply to this post by AJLDuarte
Ubit,

Please learn to say "threat", not "thread" when talking about threat levels. The words have two very different meanings. :)

-ste

On Thu, Jun 29, 2017 at 3:38 PM, AJLDuarte <[hidden email]> wrote:
Hi,
        No.. "no level check" means just that, thread level check is skipped, either because they are just simple functions and those checks are pure waste on time and resources, or because thread level logic does not apply, or it is not configurable.

        This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore

        It makes no sense (it it ever did) to keep the rule of having a "allow_name" for ALL ossl functions, and only those, when some LSL ones should actually have it also.


Detection of the physics engine (in future possible more simulator features/settings) cannot be a security issue, That must be open information, or it is useless.

Ubit





-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of André Verwijs
Sent: Thursday, June 29, 2017 08:35
To: opensim-users opensimulator.org
Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)


git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of security

P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important than level "none" commands...
core and/or scripting engine commands should be (very)high level in terms of security...



______________________________________________________________________________________

JAV-logo-met-naam
<http://www.facebook.com/andre.verwijs>

La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users



--
        -ste

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: latest osslEnable.ini - (git master: 6bac44e)

AJLDuarte

Yes those also, thx

Ubit

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Shaun T. Erickson
Sent: Thursday, June 29, 2017 21:58
To: [hidden email]
Subject: Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

 

Ubit,

 

Please learn to say "threat", not "thread" when talking about threat levels. The words have two very different meanings. :)

 

-ste

 

On Thu, Jun 29, 2017 at 3:38 PM, AJLDuarte <[hidden email]> wrote:

Hi,
        No.. "no level check" means just that, thread level check is skipped, either because they are just simple functions and those checks are pure waste on time and resources, or because thread level logic does not apply, or it is not configurable.

        This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore

        It makes no sense (it it ever did) to keep the rule of having a "allow_name" for ALL ossl functions, and only those, when some LSL ones should actually have it also.


Detection of the physics engine (in future possible more simulator features/settings) cannot be a security issue, That must be open information, or it is useless.

Ubit





-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of André Verwijs
Sent: Thursday, June 29, 2017 08:35
To: opensim-users opensimulator.org
Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)


git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of security

P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important than level "none" commands...
core and/or scripting engine commands should be (very)high level in terms of security...



______________________________________________________________________________________

JAV-logo-met-naam
<http://www.facebook.com/andre.verwijs>

La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users



 

--

        -ste


_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: latest osslEnable.ini - (git master: 6bac44e)

DZ-2
In reply to this post by Opensimfan
Well,

This conversation seems to beg  for input....

HUH????

"  ...          This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore..."

osGetAgentIP  has the  MOST potential to be a security issue...  

I mean  REALLY???     you rate the possibility of someone  animating  your avatar without your permission as a higher threat  than allowing someone with a script to do a geo-locate on a person USING an avatar???     That seems  just wrong to me....

I have a long history of arguing  with devs about  the  threat level they seem to arbitrarily decide to apply.  If you are going to do something  WRONG,  at least do it  consistently,  so us  mortals  can use functions that are truly useful  ( without having to beg each and every grid admin and convince them that  Animating the NPC they allowed us  to generate  isn't going to allow us  to track him/her  down in RL ).

dz

P.S.   I've chopped the rest of the conversation  because I'm pretty  sure  no one  REALLY want to re-read the 5 iterations of  Back and Forth..   
*********************************************


_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: latest osslEnable.ini - (git master: 6bac44e)

AJLDuarte

Hi,

                Yes osGetAgentIP does not check threat level anymore

            It is above that, permanently restricted to users with administrator level ( ie gods)

 

                The change was taking out of threat level check the functions that don’t make much sense having it

                That means functions that have no security or load issues and so  available if ossl api is,

but also functions  with other fixed  checks, like this example.

 

                threat level code and tables are growing as ossl grows, with a negative impact on performance that we can avoid.

                Future change may be group similar functions on same “allow_name”

 

                Hope this makes it more clear.

Ubit

               

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of dz
Sent: Friday, June 30, 2017 16:38
To: [hidden email]
Subject: Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

 

Well,

 

This conversation seems to beg  for input....

 

HUH????

 

"  ...          This does not relate directly to security in all cases: osGetAgentIP does not check thread level anymore..."

 

osGetAgentIP  has the  MOST potential to be a security issue...  

 

I mean  REALLY???     you rate the possibility of someone  animating  your avatar without your permission as a higher threat  than allowing someone with a script to do a geo-locate on a person USING an avatar???     That seems  just wrong to me....

 

I have a long history of arguing  with devs about  the  threat level they seem to arbitrarily decide to apply.  If you are going to do something  WRONG,  at least do it  consistently,  so us  mortals  can use functions that are truly useful  ( without having to beg each and every grid admin and convince them that  Animating the NPC they allowed us  to generate  isn't going to allow us  to track him/her  down in RL ).

 

dz

 

P.S.   I've chopped the rest of the conversation  because I'm pretty  sure  no one  REALLY want to re-read the 5 iterations of  Back and Forth..   

*********************************************

 


_______________________________________________
Opensim-users mailing list
[hidden email]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
Loading...