Changing the permissions of osAvatarName2Key


Oren Hurvitz
Currently, osAvatarName2Key has ThreatLevel "Low" and is further restricted to the estate manager or owner.

A pending patch will change the permission to VeryLow, and allow the function to be called by anyone.

I think that's fine: this doesn't seem like a sensitive function. Is there any reason not to allow this?

And while we're at it, osKey2Name is similarly restricted, and I think it should similarly be allowed to be called by anyone.

--
Oren Hurvitz
VP R&D
Kitely Ltd.


Re: Changing the permissions of osAvatarName2Key

Mister Blue
Changing the ThreatLevel as opposed to changing the entry in 'osslEnable.ini' would cause existing installations that are using ThreatLevels as os function control to allow these functions. The ThreatLevel change would change regions that enable os functions but only the VeryLow functions. Are there many regions that do this?

As an alternative, leave it ThreatLevel 'low' but change the entry in osslEnable.ini to 'true'. This would enable the function for all while keeping the previous threat note. Region owners who are using the ThreatLevel for control will probably think this is set at the level they need. Those who are not using ThreatLevel (and are probably just using the osslEnable.ini settings) wouldn't mind changing these functions to be enabled.

Also, if changing ThreatLevel is a Good Thing, consider changing osGetGridName and osGetGridNick to VeryLow as these functions are needed by scripts while HGing. These are already 'true' in osslEnable.ini.

== mb


Re: Changing the permissions of osAvatarName2Key

Oren Hurvitz
But what do you think the threat level *should* be? I think this is a safe function that should be callable by everyone, since names and avatar UUIDs are public knowledge.

--
Oren Hurvitz
VP R&D
Kitely Ltd.


Re: Changing the permissions of osAvatarName2Key

Melanie-2
Wrong. This function (and others classified thus) have a very real
potential for DOS attacks. Calling them with a random argument will
cause a request to the ROBUST services which could be inundated with
10s of thousands of requests by abusers with build/script rights.
There is no limit or throttle on them.

- Melanie



Re: Changing the permissions of osAvatarName2Key

Chris Weymann
Hello all,

That's right. With a bad script it is possible to cause a DoS on a ROBUST server.
But this is possible with LSL functions too. I think the functionality should not be restricted because of possibly bad scripts.
The permission system is the wrong way to protect the region or ROBUST stability. For this, the script engine needs a trigger limit for some functions.
My opinion is that these functions, and the fact that everyone can use them, are important for some types of scripts.
I made this patch because I want to make a vendor system that works over HG. For this it is important that everyone can use these functions.

@Oren
Then it must be you can change it back to "Low". It is ok for me.

Best regards
Chris


Re: Changing the permissions of osAvatarName2Key

Melanie-2
Your participating grid and region owners will just have to change
the setting. A change to the default is not an option. That would
affect unwitting OpenSim users and possibly lead to problems for
grids that they would be hard put to accurately troubleshoot.

- Melanie


Re: Changing the permissions of osAvatarName2Key

Dahlia Trimble
Any reason these functions could not be throttled? Or are there other implications besides the possible DOS?

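The throttle asked about in the thread, as an added example that is not OpenSim code and not from any poster: a cache in front of a name lookup does nothing against never-repeating arguments, so a per-owner and a region-wide token bucket bound how many requests reach the backend. All class and function names, the limits and the sample directory are assumptions made for this illustration.

```python
import random
import time

THROTTLED = object()  # returned instead of a key when the caller is over budget


class TokenBucket:
    """Holds up to `burst` tokens and refills at `rate` tokens per second."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def ready(self, now):
        elapsed = now - self.stamp
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now
        return self.tokens >= 1.0


class ThrottledNameLookup:
    """Name -> key lookup where every cache miss costs one backend request."""

    def __init__(self, backend, owner_limit=(2.0, 10), region_limit=(5.0, 20),
                 cache_ttl=300.0, cache_max=1000, clock=time.monotonic):
        self.backend, self.clock = backend, clock   # backend: name -> key or None
        self.owner_limit = owner_limit              # (rate per second, burst)
        self.region = TokenBucket(*region_limit, now=clock())
        self.owners = {}                            # script owner id -> TokenBucket
        self.cache = {}                             # name -> (expiry, key or None)
        self.cache_ttl, self.cache_max = cache_ttl, cache_max
        self.backend_calls = self.rejected = 0

    def lookup(self, owner_id, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[0] > now:
            return hit[1]                # repeated names never reach the backend
        if owner_id not in self.owners:
            self.owners[owner_id] = TokenBucket(*self.owner_limit, now=now)
        owner = self.owners[owner_id]
        # Spend a token only when both budgets allow the call.
        if not (owner.ready(now) and self.region.ready(now)):
            self.rejected += 1
            return THROTTLED
        owner.tokens -= 1.0
        self.region.tokens -= 1.0
        self.backend_calls += 1
        key = self.backend(name)
        if len(self.cache) >= self.cache_max:
            self.cache.pop(next(iter(self.cache)))   # evict the oldest-inserted entry
        self.cache[name] = (now + self.cache_ttl, key)  # misses are cached too
        return key


def simulate_flood(calls, seconds, owners, seed=1):
    """Replay `calls` lookups of never-repeating names spread over `seconds`."""
    rng = random.Random(seed)
    fake_now = [0.0]
    directory = {"Test User": "00000000-0000-0000-0000-000000000001"}  # constructed
    svc = ThrottledNameLookup(directory.get, clock=lambda: fake_now[0])
    for i in range(calls):
        fake_now[0] = seconds * i / calls
        name = "Nobody %d-%08x" % (i, rng.getrandbits(32))
        svc.lookup(owners[i % len(owners)], name)
    return svc.backend_calls, svc.rejected


if __name__ == "__main__":
    print("one owner :", simulate_flood(20000, 10.0, ["owner-a"]))
    many = ["owner-%d" % n for n in range(50)]
    print("50 owners :", simulate_flood(20000, 10.0, many))
```

The region-wide bucket is what keeps the total bounded when the calls come from many owners at once; the per-owner bucket alone would scale with the number of owners.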

MOSES Patch 3 (UNCLASSIFIED)

Maxwell, Douglas CIV USARMY RDECOM ARL (US)
Classification: UNCLASSIFIED
Caveats: NONE

The MOSES Team recently released a patch containing the final set of performance metrics to the OpenSim Mantis. The patch modified and introduced metrics that measure the simulator’s network performance. The contents of the patch have been discussed in other threads.

After satisfying all of the security and preferred configuration options recommended by Melanie, Ai Austin, and Bruce, we have produced a patch that we were confident would be accepted without issue. Unfortunately, our latest patch received heavy trivial and inconsistent criticism that was subjective and atypical; none of the issues identified counter the OpenSim standards. Below is a list of the issues listed on our Mantis ticket:

1.  Decompose the patch into multiple, smaller patches.

2.  Inconsistent terminology in the configuration file comments.

3.  Provide a Wiki entry detailing the metrics.

4.  Why is there a master On/Off switch when each metric has its own On/Off switch?

5.  Comments are too long and convoluted.

6.  “AgentAddressPort” should not be located in the new, independent Advanced Network Metrics ini file, but in the main OpenSim.ini.

7.  Change the configuration variable name from "Include-AdvancedMetricsEnable" to "Include-AdvancedMetrics."

8.  “Number of logging in users” is too specific to MOSES.

9.  Metrics that deal with packets should have “packets” in the name.

10. Excessive line-breaks in the source code.

11. The patch notes contain white space warnings that must be resolved (these are Git warnings, not compiler warnings).

The Moses Team has taken the initiative to devote resources and time in adding to the development of OpenSim. This work in particular has corrected invalid metrics and introduced necessary ones to fully evaluate the simulator’s performance at any time. Yes, this patch, just like our two previously accepted patches, contains a lot of work but size was necessary because many of the network metrics are co-dependent (code-wise) and it does not make any sense to split up the commits. Additionally, our patches have been decomposed into 3 categorized phases; this is our final patch that only contains network related statistics.

Moving forward, we are submitting a new patch in two days. The patch resolves one unit test failure that we discovered and one spelling mistake (an instance of “of” instead of “off”).  We hope that this upcoming patch is accepted into core without incident. We also hope that any nonessential issues from here on out be resolved by opening up a separate ticket instead of holding up an entire effort of development.

On behalf of the MOSES team, respectfully - doug

Douglas Maxwell
Science and Technology Manager
Virtual World Strategic Applications
U.S. Army Research Lab
Simulation & Training Technology Center (STTC)
(c) (407) 242-0209
