Any reason these functions could not be throttled? Or are there other implications besides the possible DOS?
On Mon, Aug 3, 2015 at 11:48 AM, Melanie <[email protected]> wrote:

> Your participating grid and region owners will just have to change
> the setting. A change to the default is not an option. That would
> affect unwitting OpenSim users and possibly lead to problems for
> grids that they would be hard put to accurately troubleshoot.
>
> - Melanie
>
> On 03/08/2015 20:12, Chris Weymann wrote:
> > Hello all,
> >
> > That's right. With a bad script it is possible to cause a DoS on a ROBUST server.
> > But this is possible with LSL functions too. I think the functionality should not be restricted because of possibly bad scripts.
> > The permission system is the wrong way to protect the region or ROBUST stability. For this, the script engine needs a trigger limit for some functions.
> > My opinion is that these functions, and that everyone can use them, are important for some types of scripts.
> > I made this patch because I want to make a vendor system that works over HG. For this it is important that everyone can use these functions.
> >
> > @Oren
> > Then it must be that you can change it back to "Low". It is OK for me.
> >
> > Best regards
> > Chris
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Melanie
> > Sent: Monday, 3 August 2015 17:06
> > To: [email protected]
> > Subject: Re: [Opensim-dev] Changing the permissions of osAvatarName2Key
> >
> > Wrong. This function (and others classified thus) have a very real potential for DOS attacks. Calling them with a random argument will cause a request to the ROBUST services which could be inundated with 10s of thousands of requests by abusers with build/script rights.
> > There is no limit or throttle on them.
> >
> > - Melanie
> >
> >
> > On 03/08/2015 15:50, Oren Hurvitz wrote:
> >> But what do you think the threat level *should* be? I think this is a
> >> safe function that should be callable by everyone, since names and
> >> avatar UUID's are public knowledge.
> >>
> >> On Mon, Aug 3, 2015 at 4:46 PM, Mister Blue
> >> <[email protected]>
> >> wrote:
> >>
> >>> Changing the ThreatLevel as opposed to changing the entry in
> >>> 'osslEnable.ini' would cause existing installations that are using
> >>> ThreatLevels as os function control to allow these functions. The
> >>> ThreatLevel change would change regions that enable os functions but
> >>> only the VeryLow functions. Are there many regions that do this?
> >>>
> >>> As an alternative, leave it ThreatLevel 'low' but change the entry in
> >>> osslEnable.ini to 'true'. This would enable the function for all
> >>> while keeping the previous threat note. Region owners who are using
> >>> the ThreatLevel for control will probably think this is set at the
> >>> level they need. Those who are not using ThreatLevel (and are
> >>> probably just using the osslEnable.ini settings) wouldn't mind
> >>> changing these functions to be enabled.
> >>>
> >>> Also, if changing ThreatLevel is a Good Thing, consider changing
> >>> osGetGridName and osGetGridNick to VeryLow as these functions are
> >>> needed by scripts while HGing. These are already 'true' in
> >>> osslEnable.ini.
> >>>
> >>> == mb
> >>>
> >>> On Mon, Aug 3, 2015 at 5:44 AM, Oren Hurvitz <[email protected]> wrote:
> >>>
> >>>> Currently, osAvatarName2Key has ThreatLevel "Low" and is further
> >>>> restricted to the estate manager or owner.
> >>>>
> >>>> A pending patch will change the permission to VeryLow, and allow the
> >>>> function to be called by anyone.
> >>>>
> >>>> I think that's fine: this doesn't seem like a sensitive function. Is
> >>>> there any reason not to allow this?
> >>>>
> >>>> And while we're at it, osKey2Name is similarly restricted, and I
> >>>> think it should similarly be allowed to be called by anyone.
> >>>>
> >>>> --
> >>>> Oren Hurvitz
> >>>> VP R&D
> >>>> Kitely Ltd.
> >>>>
> >>>> Email: [email protected] <[email protected]>
> >>>>
> >>>> _______________________________________________
> >>>> Opensim-dev mailing list
> >>>> [email protected]
> >>>> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
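One shape the throttle asked about in this thread could take, as an added sketch that is not part of any message here and is not OpenSim code. It assumes the budget is keyed by script owner (so one owner rezzing many scripts still shares one bucket) and that a miss is remembered locally; `ThrottledNameLookup`, its members and `backendLookup` (standing in for the request to the ROBUST services) are hypothetical names.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names throughout: these are not OpenSim classes. backendLookup
// stands in for the request a name-to-key call sends to the ROBUST services.
public class ThrottledNameLookup
{
    private class Bucket { public double Tokens; public DateTime Last; }

    private readonly Func<string, Guid> backendLookup;   // Guid.Empty means "no such avatar"
    private readonly double ratePerSec, burst;
    private readonly Dictionary<Guid, Bucket> buckets = new Dictionary<Guid, Bucket>();
    private readonly Dictionary<string, Guid> cache = new Dictionary<string, Guid>();
    private readonly object sync = new object();

    public ThrottledNameLookup(Func<string, Guid> backendLookup, double ratePerSec, double burst)
    {
        this.backendLookup = backendLookup;
        this.ratePerSec = ratePerSec;
        this.burst = burst;
    }

    // Returns false when the script owner is over budget; nothing is sent upstream.
    public bool TryLookup(Guid scriptOwner, string avatarName, DateTime now, out Guid key)
    {
        lock (sync)
        {
            // Known names and remembered misses are answered locally, at no cost.
            if (cache.TryGetValue(avatarName, out key))
                return true;

            Bucket b;
            if (!buckets.TryGetValue(scriptOwner, out b))
                buckets[scriptOwner] = b = new Bucket { Tokens = burst, Last = now };

            // Refill for the time elapsed, capped at the burst size.
            b.Tokens = Math.Min(burst, b.Tokens + (now - b.Last).TotalSeconds * ratePerSec);
            b.Last = now;
            if (b.Tokens < 1.0)
                return false;
            b.Tokens -= 1.0;
        }
        key = backendLookup(avatarName);          // slow call made outside the lock
        lock (sync) { cache[avatarName] = key; }  // a real cache needs expiry and a size cap
        return true;
    }
}
```

With `burst` set to 3, ten different random names from one owner at the same instant produce three upstream requests and seven refusals, while repeated lookups of an already-resolved name never consume a token.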
