Original post by `0chirp`. Forked/maintained by `0zoe` in the meanwhile.
This is a draft and will be updated according to feedback.
In hackmud, a script's security level (SECLEVEL) is dependent on what `5trust` scripts it calls.
Trust scripts by themselves are usually safe and do what users expect them to, however they can be used maliciously by player scripts.
For example, a `FMIDSEC` script may attempt to send all of your GC to another user through the use of `5accts`.`Lxfer_gc_to`!
The security level of a script can be checked using `5scripts`.`Lget_level`.
This should be done before running any unfamiliar scripts, and even then it's always better to be safe than sorry.
You can also check the access level of a script using `5scripts`.`Lget_access_level`
This can be used to determine whether a script is PUBLIC or PRIVATE, HIDDEN or a `5TRUST` script.
- `5TRUST` scripts are self-explanatory, as they are scripts owned by `5trust`.
- HIDDEN scripts will usually be locs, although they can also be scripts relating to puzzles or events.
User locs may also have varying security levels, usually dependent on their highest tier lock.
- Tier 1 locks only, or no locks, will make a loc `LFULLSEC`.
- Tier 2 locks will make a loc `JHIGHSEC`, or `FMIDSEC` with certain locks.
- Tier 3 locks will make a loc `DLOWSEC`.
- Tier 4 locks will make a loc `TNULLSEC`.
Locs may contain any lock at their security level or below, and can only contain up to 8 locks.
Additionally, for a loc to be included in a script, it must be specified as `DLOWSEC` or `TNULLSEC`, even if it is another SECLEVEL.
Security Levels:
- `LFULLSEC` scripts are the safest. The most harm they could do is have your user send messages to chat channels you are already in, or tells to other users.
- `JHIGHSEC` scripts may obtain some information about your system, such as your balance and upgrades, breach/hardline status, specs and transfer logs.
- `FMIDSEC` scripts may manage (load/unload/reorder) your upgrades, transfer your GC, as well as obtain a list of channels and join/leave any.
- `DLOWSEC` scripts may be able to obtain your loc (which can be used to hack you) as well as transfer or even destroy upgrades, and can view your access logs.
- `TNULLSEC` scripts are the least safe. They may be able to breach you, see what corp you're in, or even force you to leave the corp you're in.
Trust scripts:
`LFULLSEC`:
`5accts`.`Lbalance_of_owner`
`5accts`.`Lxfer_gc_to_caller`
`5chats`.`Lcreate`
`5chats`.`Lsend`
`5chats`.`Ltell`
`5escrow`.`Lcharge`
`5escrow`.`Lconfirm`
`5gui`.`Lchats`
`5gui`.`Lquiet`
`5gui`.`Lsize`
`5gui`.`Lvfx`
`5gui`.`Lvol`
`5market`.`Lbrowse`
`5scripts`.`Lfullsec`
`5scripts`.`Lget_access_level`
`5scripts`.`Lget_level`
`5scripts`.`Lhighsec`
`5scripts`.`Llowsec`
`5scripts`.`Lmidsec`
`5scripts`.`Lnullsec`
`5scripts`.`Ltrust`
`5sys`.`Linit`
`5sys`.`Lupgrades_of_owner`
`5users`.`Lactive`
`5users`.`Llast_action`
`5users`.`Ltop`
`JHIGHSEC`:
`5accts`.`Lbalance`
`5accts`.`Ltransactions`
`5scripts`.`Lsys`
`5sys`.`Lspecs`
`5sys`.`Lstatus`
`5sys`.`Lupgrade_log`
`5sys`.`Lupgrades`
`5users`.`Linspect`
`FMIDSEC`:
`5accts`.`Lxfer_gc_to`
`5autos`.`Lreset`
`5chats`.`Lchannels`
`5chats`.`Ljoin`
`5chats`.`Lleave`
`5chats`.`Lusers`
`5escrow`.`Lstats`
`5market`.`Lbuy`
`5market`.`Lstats`
`5scripts`.`Luser`
`5sys`.`Lmanage`
`DLOWSEC`:
`5kernel`.`Lhardline`
`5market`.`Lsell`
`5sys`.`Laccess_log`
`5sys`.`Lcull`
`5sys`.`Lloc`
`5sys`.`Lxfer_upgrade_to`
`TNULLSEC`:
`5corps`.`Lcreate`
`5corps`.`Lhire`
`5corps`.`Lmanage`
`5corps`.`Loffers`
`5corps`.`Lquit`
`5corps`.`Ltop`
`5sys`.`Lbreach`
`5trust`.`Lme`
`5users`.`Lconfig`