osForceDropAttachment not available

Tips and discussions about using OpenSim
Ilan Tochner
Posts: 6528
Joined: Sun Dec 23, 2012 8:44 am
Has thanked: 4992 times
Been thanked: 4473 times

Re: osForceDropAttachment not available

Post by Ilan Tochner »

Hi Ramesh,

When you work in an environment where your users can write scripts and give them to other people to run, you need to limit your exposure to damage done by malicious coders. The only ways to avoid this problem are by preventing users from creating their own scripts, by limiting functions to a safe subset, or by having someone review each script to make sure it is well behaved. Option 3 can be very expensive and option 1 isn't well suited for a world that is user generated. This leaves us with the option of limiting exposure.

I wish we didn't have to take these precautions but there are a lot of people who target service providers that make naive assumptions about how people will use scripts in their systems. If you ever decide to host your worlds yourself or with another provider then I really recommend you keep hackers/griefers in mind when deciding what functions you'll make available to your users inside your virtual world.
Ramesh Ramloll
Posts: 168
Joined: Sun Jan 13, 2013 5:16 pm
Has thanked: 81 times
Been thanked: 164 times

Re: osForceDropAttachment not available

Post by Ramesh Ramloll »

I think in the future you need each of your Kitely users who is running worlds to have the option to select whatever function they want to turn on. This is something the world manager should be responsible for, not the grid owner. If you can have an interface for setting wind control on or off, you can do that for the other stuff too.
Dundridge Dreadlow
Posts: 616
Joined: Mon May 06, 2013 2:23 pm
Location: England
Has thanked: 590 times
Been thanked: 339 times

Re: osForceDropAttachment not available

Post by Dundridge Dreadlow »

I was actually asked to build an item in SL to do force-drop a while back - the idea was to deliberately leave an item on the ground. I too was annoyed I could not do it the way I wanted. Didn't take long to figure it would be a problem on someone else's land.

If there was an os-delete-me-and-detach command it would solve the problem. Hm, I wonder if that is implemented differently in OpenSim.

As to preventing cheating in Kitely-type environments, I went into a maze game in SL, which used RLV to prevent things like flying & teleports & possibly sitting on an object outside to exit. The idea was pretty neat.

I actually wonder how powerful force drop actually is. Could I write a script, place it on my world, and then drop every item, of every passer under my land, or up in the sky? I'll assume it is slightly less dangerous than that.

It can actually be pretty hard to find dropped items at the best of times. I have an item in SL (DJ-PDA3 handheld computer) which was designed to be dropped in world, and automatically moves to its docking station. Then when the docking station was clicked, it would automatically re-attach to the avatar. Without the docking station, the damn thing is really easy to lose, and problematic if low on prims or too near someone else's parcel. I actually removed docking station support for the DJ-PDA4 and 5, sigh - and that was just a MANUAL drop in world. Script dropping it - scary.
PS. Kitely is awesome.

Re: osForceDropAttachment not available

Post by Ramesh Ramloll »

Hi Dundridge
'I actually wonder how powerful force drop actually is. Could I write a script, place it on my world, and then drop every item, of every passer under my land, or up in the sky. I'll assume it is slightly less dangerous than that.'

Well it is an innocuous command really. You can only trigger it from within the object that can be dropped. It cannot even target a UUID etc... etc... so it CANNOT be used to force something that someone has attached. So you really need to find weird scenarios to make the griefing case for osForceDrop ... like someone injecting this command in some other person's legit script and the worst this command will do is to drop the prim containing the infected script after it's worn. Worst case scenario, the person with the legit script will get a number of calls 'you know when I wear your prim, it just drops itself ... weird, see I wore the penis, it dropped on the ground ... things like that', and if you add an 'llDie' after the drop the dropped item will just delete itself. It will take a real stupid griefer to use the command because other than wasting the legit scripter's time, there is absolutely nothing else it can be used for. There are better ways to do damage in my opinion if you can access and modify someone else's scripts.

Re: osForceDropAttachment not available

Post by Dundridge Dreadlow »

How does it handle no script areas, no copy items, other people's parcels, parcel full, distance dropped from avatar? Like I said, I've had issues manually dropping items, so script dropping makes me very nervous.

I'd love to have the next PDA to auto-dock on the users desk when they get home and auto-attach when they leave. Just like putting a mobile phone on charge :)
PS. Kitely is awesome.

Re: osForceDropAttachment not available

Post by Ilan Tochner »

Hi Ramesh,

Malicious code writers wouldn't have the Trojan functionality activate immediately, they would have it time delayed or triggered by some event (such as entering a world where the scripter knows the required functions are enabled). This is how hackers work in non virtual world environments. The result would be that the problem wouldn't be associated with the item itself but would rather get blamed on the world manager or Kitely. People (the user or the world manager) would then contact Kitely for sorting things out ("I went to world X and suddenly the hair I've been wearing for months disappeared - Kitely lost my hair").

There is a big difference between having wind be configurable and enabling items to be force dropped. One has no long lasting effect on users visiting the world whereas the other can result in the loss of items, grief and support requests.

Re: osForceDropAttachment not available

Post by Ramesh Ramloll »

Once you can inject it in someone else's code then it can be used for damage. And that is true for any LSL command ... even llSay can be a source of malevolence. You can presumably use osForceDrop mainly to cover your tracks ... so take this example, I get someone else's opensource script, modify it, and I get other people to use it. Say there is this fancy watch that is so popular that everybody wants to wear it on their right hand, it may contain some scripts that do magical things. But I decide to put a destructive payload in it. Since it is attached to the body ... this destructive code can follow the avatar wearing it wherever they go but it cannot self-delete via llDie because it is an attachment ... so osForceDrop comes in handy, drops the trojan watch after damage done, then infected script triggers llDie() to remove trojan watch... tracks covered... (this is pretty childish actually.) That's it.

Re: osForceDropAttachment not available

Post by Ramesh Ramloll »

Have to say I hope this conversation is going to lead to something constructive ...I'm not going to use computers because there are trojans out there :))

Re: osForceDropAttachment not available

Post by Ilan Tochner »

JavaScript sandboxes functions to limit the amount of damage that can be done to people's computers and accounts in other websites when they visit a malicious website.

Linden Lab designed LSL with security in mind but some functions they created were ill-conceived and leave the door open for many attack vectors. Grid owners who follow best practice security procedures make sure to disable those LSL functions. That doesn't mean all LSL functions are risky or that you shouldn't use computers; it just means that you won't be able to use every LSL function that SL supports on Kitely (just the mostly-safe majority of them).
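
The "limit functions to a safe subset" option from the first reply, together with the drop-then-llDie pattern raised earlier in the thread, as an added example that is not part of the thread and is not Kitely's or OpenSim's own code: a Python review pass over LSL source that ignores names appearing only in strings or comments. The `ALLOWED` set, the sample script and the helper names `called_functions` and `review` are assumptions made for illustration.

```python
import re

# Hypothetical allow-list for this example; a grid operator would list every
# LSL/OSSL function they have decided to expose.
ALLOWED = {"llSay", "llOwnerSay", "llDie"}

# Strings and comments are blanked in one pass so names inside them are not calls.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
_CALL = re.compile(r'\b((?:ll|os)[A-Z]\w*)\s*\(')

def called_functions(source):
    """Return (line, name) for each ll*/os* call outside strings and comments."""
    # Keep newlines while blanking so reported line numbers match the source.
    code = _SKIP.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), source)
    return [(code.count("\n", 0, m.start()) + 1, m.group(1))
            for m in _CALL.finditer(code)]

def review(source, allowed=ALLOWED):
    """List findings: calls off the allow-list, plus the drop-then-delete pair."""
    calls = called_functions(source)
    findings = [f"line {n}: {name} is not on the allow-list"
                for n, name in calls if name not in allowed]
    names = {name for _, name in calls}
    # Pattern raised in the thread: an attachment drops itself, then deletes itself.
    if {"osForceDropAttachment", "llDie"} <= names:
        findings.append("osForceDropAttachment with llDie: item can drop and delete itself")
    return findings

# Constructed sample script, not taken from the thread.
SAMPLE = '''\
// osForceDetachFromAvatar() in a comment is ignored
default
{
    attach(key id)
    {
        llOwnerSay("calling osForceDropAttachment() soon");
        osForceDropAttachment();
        llDie();
    }
}
'''

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```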

Re: osForceDropAttachment not available

Post by Ramesh Ramloll »

I wish we were discussing the specific issue and not common sense generalities. But no worries, am out of this thread.