aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Region
diff options
context:
space:
mode:
authorMelanie Thielker2014-10-16 03:53:56 +0200
committerMelanie Thielker2014-10-16 03:53:56 +0200
commit14259b5f995da0b87190d873d1e5dc7a94606445 (patch)
tree51118bd0d67f1d33bc4781d5c98650d2b349273e /OpenSim/Region
parentlso remove caps with "PUT" http method (diff)
downloadopensim-SC-14259b5f995da0b87190d873d1e5dc7a94606445.zip
opensim-SC-14259b5f995da0b87190d873d1e5dc7a94606445.tar.gz
opensim-SC-14259b5f995da0b87190d873d1e5dc7a94606445.tar.bz2
opensim-SC-14259b5f995da0b87190d873d1e5dc7a94606445.tar.xz
Fix an obscure permissions exploit. Taking items from a friend's prim could
possibly result in a privilege escalation
Diffstat (limited to 'OpenSim/Region')
-rw-r--r--OpenSim/Region/Framework/Scenes/Scene.Inventory.cs10
1 files changed, 4 insertions, 6 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 0c51f7f..87fee56 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1236,17 +1236,15 @@ namespace OpenSim.Region.Framework.Scenes
1236 agentItem.BasePermissions = taskItem.BasePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move); 1236 agentItem.BasePermissions = taskItem.BasePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move);
1237 if (taskItem.InvType == (int)InventoryType.Object) 1237 if (taskItem.InvType == (int)InventoryType.Object)
1238 { 1238 {
1239 uint perms = taskItem.CurrentPermissions; 1239 uint perms = taskItem.BasePermissions & taskItem.NextPermissions;
1240 PermissionsUtil.ApplyFoldedPermissions(taskItem.CurrentPermissions, ref perms); 1240 PermissionsUtil.ApplyFoldedPermissions(taskItem.CurrentPermissions, ref perms);
1241// agentItem.BasePermissions = perms | (uint)PermissionMask.Move; 1241// agentItem.BasePermissions = perms | (uint)PermissionMask.Move;
1242// agentItem.CurrentPermissions = agentItem.BasePermissions; 1242// agentItem.CurrentPermissions = agentItem.BasePermissions;
1243 agentItem.CurrentPermissions = perms | (uint)PermissionMask.Move; 1243 agentItem.BasePermissions = perms | (uint)PermissionMask.Move;
1244 }
1245 else
1246 {
1247 agentItem.CurrentPermissions = agentItem.BasePermissions & taskItem.CurrentPermissions;
1248 } 1244 }
1249 1245
1246 agentItem.CurrentPermissions = agentItem.BasePermissions;
1247
1250 agentItem.Flags |= (uint)InventoryItemFlags.ObjectSlamPerm; 1248 agentItem.Flags |= (uint)InventoryItemFlags.ObjectSlamPerm;
1251 agentItem.NextPermissions = taskItem.NextPermissions; 1249 agentItem.NextPermissions = taskItem.NextPermissions;
1252 agentItem.EveryOnePermissions = taskItem.EveryonePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move); 1250 agentItem.EveryOnePermissions = taskItem.EveryonePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move);