[Feature] Generic call script as script owner
za3uv2
dtr
{161115.1901}
accts.xfer_gc_to_caller is wonderful, and clearly opens the door to a sys.xfer_upgrade_to_caller, but that runs into an issue: How does the script know what index to pass, since it can't check its own upgrade (since sys.upgrades would be the caller's, not the owners, and indices can change, so hard-coding isn't workable).
One solution would be a way to call ANY script as the script owner. Perhaps #os.foo.bar to call as owner, and #s.foo.bar to call as caller. Then xfer_gc_to_caller could be removed, and #os.foo.bar calls could all be treated as fullsec (no risk to the caller).
This opens up many options
1) Defense scripts that expose the owner's sys.access_log to whitelisted callers, to help defend while the owner is offline
2) Easy GC/Item swapping as mentioned above
3) Arbitrary bank transfers. For example, Alice could direct Zurich to send GC to Bob, and it would be handled directly by the script (#os.accts.xfer_gc_to) rather than asynchronously by zurich's bank bot.
This shouldn't affect the security model, because by default nothing changes. And if we write a script that uses #os.foo.bar, then it is entirely on us to secure it properly.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
dtr
{170825.1906}
EDIT: On further thought, wait, no. context.caller does have to change to be the person whose stuff is accessed, and we'd need something new -- context.top_caller, perhaps? initiator? -- to be the person who actually called the script on the CLIORIGINAL MESSAGE FOLLOWS: Just to clarify the point: context.caller wouldn't change in #os'd scripts, all that would change is what system scripts are called as. i.e. #os.accts.xfer_gc_to sends gc from the script owner's account to anyone, but still sees the context.caller as whoever called the script.
It might be a good idea to add this info to chats (i.e. "sender via caller :::message:::"), transactions (sender:"dtr",recipient:"soron",initiator:"n00bish"), and upgrade logs, etc.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -