Fix a few permissions vulnerability. Owners could cause permissions

escalation on items contained in prims using a hacked viewer
author: Melanie Thielker 2010-07-15 20:03:08 +0200
committer: Melanie Thielker 2010-07-15 20:03:08 +0200
commit: 8d2b4b7b487f7a35b610d894c03619e638866473 (patch)
tree: 305494398ed0cb21962467d05b2279b4ff2fe1a7
parent: Preserve attachment data while a prim is in world. Allows attachment (diff)
download: opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.zip
opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.tar.gz
opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.tar.bz2
opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.tar.xz
3 files changed, 35 insertions, 9 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index c77efc7..e1674be 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1359,16 +1359,45 @@ namespace OpenSim.Region.Framework.Scenes
                    {
                        agentTransactions.HandleTaskItemUpdateFromTransaction(
                            remoteClient, part, transactionID, currentItem);
-                    }
-                    if (part.Inventory.UpdateInventoryItem(itemInfo))
-                    {
                        if ((InventoryType)itemInfo.InvType == InventoryType.Notecard) 
                            remoteClient.SendAgentAlertMessage("Notecard saved", false);
                        else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
                            remoteClient.SendAgentAlertMessage("Script saved", false);
                        else
                            remoteClient.SendAgentAlertMessage("Item saved", false);
+                    }
+                    // Check if we're allowed to mess with permissions
+                    if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
+                    {
+                        if (remoteClient.AgentId != part.OwnerID) // Not owner
+                        {
+                            // Friends and group members can't change any perms
+                            itemInfo.BasePermissions = currentItem.BasePermissions;
+                            itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
+                            itemInfo.GroupPermissions = currentItem.GroupPermissions;
+                            itemInfo.NextPermissions = currentItem.NextPermissions;
+                            itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
+                        }
+                        else
+                        {
+                            // Owner can't change base, and can change other
+                            // only up to base
+                            // Base ALWAYS has move
+                            currentItem.BasePermissions |= (uint)PermissionMask.Move;
+                            itemInfo.BasePermissions = currentItem.BasePermissions;
+                            itemInfo.EveryonePermissions &= currentItem.BasePermissions;
+                            itemInfo.GroupPermissions &= currentItem.BasePermissions;
+                            itemInfo.CurrentPermissions &= currentItem.BasePermissions;
+                            itemInfo.NextPermissions &= currentItem.BasePermissions;
+                            // Next ALWAYS has move
+                            itemInfo.NextPermissions |= (uint)PermissionMask.Move;
+                        }
+                    }
+                    if (part.Inventory.UpdateInventoryItem(itemInfo))
+                    {
                        part.GetProperties(remoteClient);
                    }
                }
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
index 87b2d74..b19c443 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4156,6 +4156,9 @@ namespace OpenSim.Region.Framework.Scenes
                        // objects
                        if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
                            _nextOwnerMask |= (uint)PermissionMask.Transfer;
+                        _nextOwnerMask |= (uint)PermissionMask.Move;
                        break;
                }
                SendFullUpdateToAllClients();
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
index 0066158..2a3727a 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -762,12 +762,6 @@ namespace OpenSim.Region.Framework.Scenes
                else if ((InventoryType)item.Type == InventoryType.Notecard)
                {
                    ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
-                    if (presence != null)
-                    {
-                        presence.ControllingClient.SendAgentAlertMessage(
-                                "Notecard saved", false);
-                    }
                }
                m_items[item.ItemID] = item;
author	Melanie Thielker	2010-07-15 20:03:08 +0200
committer	Melanie Thielker	2010-07-15 20:03:08 +0200
commit	8d2b4b7b487f7a35b610d894c03619e638866473 (patch)
tree	305494398ed0cb21962467d05b2279b4ff2fe1a7
parent	Preserve attachment data while a prim is in world. Allows attachment (diff)
download	opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.zip opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.tar.gz opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.tar.bz2 opensim-SC-8d2b4b7b487f7a35b610d894c03619e638866473.tar.xz

diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index c77efc7..e1674be 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1359,16 +1359,45 @@ namespace OpenSim.Region.Framework.Scenes
1359	{	1359	{
1360	agentTransactions.HandleTaskItemUpdateFromTransaction(	1360	agentTransactions.HandleTaskItemUpdateFromTransaction(
1361	remoteClient, part, transactionID, currentItem);	1361	remoteClient, part, transactionID, currentItem);
1362	}	1362
1363	if (part.Inventory.UpdateInventoryItem(itemInfo))
1364	{
1365	if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)	1363	if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)
1366	remoteClient.SendAgentAlertMessage("Notecard saved", false);	1364	remoteClient.SendAgentAlertMessage("Notecard saved", false);
1367	else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)	1365	else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
1368	remoteClient.SendAgentAlertMessage("Script saved", false);	1366	remoteClient.SendAgentAlertMessage("Script saved", false);
1369	else	1367	else
1370	remoteClient.SendAgentAlertMessage("Item saved", false);	1368	remoteClient.SendAgentAlertMessage("Item saved", false);
		1369	}
1371		1370
		1371	// Check if we're allowed to mess with permissions
		1372	if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
		1373	{
		1374	if (remoteClient.AgentId != part.OwnerID) // Not owner
		1375	{
		1376	// Friends and group members can't change any perms
		1377	itemInfo.BasePermissions = currentItem.BasePermissions;
		1378	itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
		1379	itemInfo.GroupPermissions = currentItem.GroupPermissions;
		1380	itemInfo.NextPermissions = currentItem.NextPermissions;
		1381	itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
		1382	}
		1383	else
		1384	{
		1385	// Owner can't change base, and can change other
		1386	// only up to base
		1387	// Base ALWAYS has move
		1388	currentItem.BasePermissions \|= (uint)PermissionMask.Move;
		1389	itemInfo.BasePermissions = currentItem.BasePermissions;
		1390	itemInfo.EveryonePermissions &= currentItem.BasePermissions;
		1391	itemInfo.GroupPermissions &= currentItem.BasePermissions;
		1392	itemInfo.CurrentPermissions &= currentItem.BasePermissions;
		1393	itemInfo.NextPermissions &= currentItem.BasePermissions;
		1394	// Next ALWAYS has move
		1395	itemInfo.NextPermissions \|= (uint)PermissionMask.Move;
		1396	}
		1397
		1398	}
		1399	if (part.Inventory.UpdateInventoryItem(itemInfo))
		1400	{
1372	part.GetProperties(remoteClient);	1401	part.GetProperties(remoteClient);
1373	}	1402	}
1374	}	1403	}


diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index 87b2d74..b19c443 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4156,6 +4156,9 @@ namespace OpenSim.Region.Framework.Scenes
4156	// objects	4156	// objects
4157	if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)	4157	if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
4158	_nextOwnerMask \|= (uint)PermissionMask.Transfer;	4158	_nextOwnerMask \|= (uint)PermissionMask.Transfer;
		4159
		4160	_nextOwnerMask \|= (uint)PermissionMask.Move;
		4161
4159	break;	4162	break;
4160	}	4163	}
4161	SendFullUpdateToAllClients();	4164	SendFullUpdateToAllClients();


diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 0066158..2a3727a 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -762,12 +762,6 @@ namespace OpenSim.Region.Framework.Scenes
762	else if ((InventoryType)item.Type == InventoryType.Notecard)	762	else if ((InventoryType)item.Type == InventoryType.Notecard)
763	{	763	{
764	ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);	764	ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
765
766	if (presence != null)
767	{
768	presence.ControllingClient.SendAgentAlertMessage(
769	"Notecard saved", false);
770	}
771	}	765	}
772		766
773	m_items[item.ItemID] = item;	767	m_items[item.ItemID] = item;