Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

2017-06-30 Thread AJLDuarte 
Hi,

Yes osGetAgentIP does not check threat level anymore

It is above that, permanently restricted to users with 
administrator level ( ie gods)

 

The change was taking out of threat level check the functions 
that don’t make much sense having it

That means functions that have no security or load issues and 
so  available if ossl api is,

but also functions  with other fixed  checks, like this example.

 

threat level code and tables are growing as ossl grows, with a 
negative impact on performance that we can avoid.

Future change may be group similar functions on same 
“allow_name”

 

Hope this makes it more clear.

Ubit



 

From: opensim-users-boun...@opensimulator.org 
[mailto:opensim-users-boun...@opensimulator.org] On Behalf Of dz
Sent: Friday, June 30, 2017 16:38
To: opensim-users@opensimulator.org
Subject: Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

 

Well,

 

This conversation seems to beg  for input

 

HUH

 

"  ...  This does not relate directly to security in all cases: 
osGetAgentIP does not check thread level anymore..."

 

osGetAgentIP  has the  MOST potential to be a security issue...  

 

I mean  REALLY??? you rate the possibility of someone  animating  your 
avatar without your permission as a higher threat  than allowing someone with a 
script to do a geo-locate on a person USING an avatar??? That seems  just 
wrong to me

 

I have a long history of arguing  with devs about  the  threat level they seem 
to arbitrarily decide to apply.  If you are going to do something  WRONG,  at 
least do it  consistently,  so us  mortals  can use functions that are truly 
useful  ( without having to beg each and every grid admin and convince them 
that  Animating the NPC they allowed us  to generate  isn't going to allow us  
to track him/her  down in RL ).

 

dz

 

P.S.   I've chopped the rest of the conversation  because I'm pretty  sure  no 
one  REALLY want to re-read the 5 iterations of  Back and Forth..   

*

 

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

2017-06-30 Thread dz 
Well,

This conversation seems to beg  for input

HUH

"  ...  This does not relate directly to security in all cases:
osGetAgentIP does not check thread level anymore..."

osGetAgentIP  has the  MOST potential to be a security issue...

I mean  REALLY??? you rate the possibility of someone  animating  your
avatar without your permission as a higher threat  than allowing someone
with a script to do a geo-locate on a person USING an avatar??? That
seems  just wrong to me

I have a long history of arguing  with devs about  the  threat level they
seem to arbitrarily decide to apply.  If you are going to do something
 WRONG,  at least do it  consistently,  so us  mortals  can use functions
that are truly useful  ( without having to beg each and every grid admin
and convince them that  Animating the NPC they allowed us  to generate
 isn't going to allow us  to track him/her  down in RL ).

dz
>

P.S.   I've chopped the rest of the conversation  because I'm pretty  sure
 no one  REALLY want to re-read the 5 iterations of  Back and Forth..

> *
>
___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

2017-06-29 Thread AJLDuarte 
Yes those also, thx

Ubit

 

From: opensim-users-boun...@opensimulator.org 
[mailto:opensim-users-boun...@opensimulator.org] On Behalf Of Shaun T. Erickson
Sent: Thursday, June 29, 2017 21:58
To: opensim-users@opensimulator.org
Subject: Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

 

Ubit,

 

Please learn to say "threat", not "thread" when talking about threat levels. 
The words have two very different meanings. :)

 

-ste

 

On Thu, Jun 29, 2017 at 3:38 PM, AJLDuarte <ajldua...@sapo.pt> wrote:

Hi,
No.. "no level check" means just that, thread level check is skipped, 
either because they are just simple functions and those checks are pure waste 
on time and resources, or because thread level logic does not apply, or it is 
not configurable.

This does not relate directly to security in all cases: osGetAgentIP 
does not check thread level anymore

It makes no sense (it it ever did) to keep the rule of having a 
"allow_name" for ALL ossl functions, and only those, when some LSL ones should 
actually have it also.


Detection of the physics engine (in future possible more simulator 
features/settings) cannot be a security issue, That must be open information, 
or it is useless.

Ubit





-Original Message-
From: opensim-users-boun...@opensimulator.org 
[mailto:opensim-users-boun...@opensimulator.org] On Behalf Of André Verwijs
Sent: Thursday, June 29, 2017 08:35
To: opensim-users opensimulator.org
Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)


git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of security

P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important than 
level "none" commands...
core and/or scripting engine commands should be (very)high level in terms of 
security...



__

JAV-logo-met-naam
<http://www.facebook.com/andre.verwijs>

La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users





 

-- 

-ste

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

2017-06-29 Thread Shaun T. Erickson 
Ubit,

Please learn to say "threat", not "thread" when talking about threat
levels. The words have two very different meanings. :)

-ste

On Thu, Jun 29, 2017 at 3:38 PM, AJLDuarte <ajldua...@sapo.pt> wrote:

> Hi,
> No.. "no level check" means just that, thread level check is
> skipped, either because they are just simple functions and those checks are
> pure waste on time and resources, or because thread level logic does not
> apply, or it is not configurable.
>
> This does not relate directly to security in all cases:
> osGetAgentIP does not check thread level anymore
>
> It makes no sense (it it ever did) to keep the rule of having a
> "allow_name" for ALL ossl functions, and only those, when some LSL ones
> should actually have it also.
>
>
> Detection of the physics engine (in future possible more simulator
> features/settings) cannot be a security issue, That must be open
> information, or it is useless.
>
> Ubit
>
>
>
>
>
> -Original Message-
> From: opensim-users-boun...@opensimulator.org [mailto:
> opensim-users-boun...@opensimulator.org] On Behalf Of André Verwijs
> Sent: Thursday, June 29, 2017 08:35
> To: opensim-users opensimulator.org
> Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)
>
>
> git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883
>
> question:
> so commands with no level check should not be enabled..?? in terms of
> security
>
> P.S.
> "Allow_osCheckODE"  should be Moderate or High,  this is more important
> than level "none" commands...
> core and/or scripting engine commands should be (very)high level in terms
> of security...
>
>
>
> 
> __
>
> JAV-logo-met-naam
> <http://www.facebook.com/andre.verwijs>
>
> La Ventura (heavy metal band) Tumblr page:
> http://laventurafan.tumblr.com
>
> My Twitter Page:
> http://twitter.com/OpenSimFan
>
> My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.
> verwijs
>
> My Google+ page (follow me please )
> André Verwijs - Google+ https://plus.google.com/111310545842863442992
>
> ___
> Opensim-users mailing list
> Opensim-users@opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
>
> ___
> Opensim-users mailing list
> Opensim-users@opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
>



-- 
-ste
___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

Re: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

2017-06-29 Thread AJLDuarte 
Hi,
No.. "no level check" means just that, thread level check is skipped, 
either because they are just simple functions and those checks are pure waste 
on time and resources, or because thread level logic does not apply, or it is 
not configurable.

This does not relate directly to security in all cases: osGetAgentIP 
does not check thread level anymore

It makes no sense (it it ever did) to keep the rule of having a 
"allow_name" for ALL ossl functions, and only those, when some LSL ones should 
actually have it also.


Detection of the physics engine (in future possible more simulator 
features/settings) cannot be a security issue, That must be open information, 
or it is useless.

Ubit





-Original Message-
From: opensim-users-boun...@opensimulator.org 
[mailto:opensim-users-boun...@opensimulator.org] On Behalf Of André Verwijs
Sent: Thursday, June 29, 2017 08:35
To: opensim-users opensimulator.org
Subject: [Opensim-users] latest osslEnable.ini - (git master: 6bac44e)


git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of security

P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important than 
level "none" commands...
core and/or scripting engine commands should be (very)high level in terms of 
security...



__

JAV-logo-met-naam
<http://www.facebook.com/andre.verwijs>

La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) ) http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users

[Opensim-users] latest osslEnable.ini - (git master: 6bac44e)

2017-06-29 Thread André Verwijs 


git master: 6bac44e767819b6aa82d0ed503c5bcc7f72b9883

question:
so commands with no level check should not be enabled..?? in terms of 
security


P.S.
"Allow_osCheckODE"  should be Moderate or High,  this is more important 
than level "none" commands...
core and/or scripting engine commands should be (very)high level in 
terms of security...




__

JAV-logo-met-naam


La Ventura (heavy metal band) Tumblr page:
http://laventurafan.tumblr.com

My Twitter Page:
http://twitter.com/OpenSimFan

My Facebook page (Be my friend please :) )
http://www.facebook.com/andre.verwijs

My Google+ page (follow me please )
André Verwijs - Google+ https://plus.google.com/111310545842863442992

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users