Anyone can drag stuff out of boxes they don't own, to places they have no create rights, then edit them. 🔼

Reported by Syldra.

The object remains the same owner, though you can edit it.

You can't edit other stuff owned by the same person.

reported=2021-06-16 08:54:05

reporter=onefang

priority=immediate

category=Bug

severity=major

resolution=fixed

2021-06-16 08:57:02 onefang: Note, this is non gods allowed to do this.

2021-06-16 09:03:13 onefang: Still broken in 0.9.1.1

2021-06-16 09:15:45 onefang: Korgi reports it's still broken in 0.9.2.

2021-06-16 11:50:24 onefang: [quote=Korgi]it seems that this bug only occurs with items that are set to "anyone can copy" or atleast that's the case in MG anyways.That seems to be the key here.[/quote]

So the dragging out bit isn't really a bug, coz that makes sense.  It's the ownership not changing that's the bug.  Coz the person that put it in the shop in the first place has creation rights in that sim.

And hence after changing owner, it should refuse to rez if the new owner doesn't have create rights.  But they should be able to drag directly to their own inventory.  That still leaves the "you now have a glitchy object on the floor / in your inventory" part.

2021-06-21 20:02:44 onefang: [quote=Korgi]Since it only affects objects that are set to "anyone can copy" it seems like more or less the intended function so there's not much really too fix. Davey ended up sending a bug report about it to core anyways though.[/quote]

2021-07-07 02:03:43 onefang: It's the "then edit it" part that is a security bug.

2021-07-07 02:34:55 onefang: [quote=Korgi]

http://opensimulator.org/mantis/view.php?id=8900 That's th link, but he says since it is a security issue it's hidden from public view so you need to be able to login to see it.

[/quote]