aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorMelanie Thielker2010-05-30 13:46:05 +0200
committerMelanie Thielker2010-05-30 13:46:05 +0200
commit59a536743354ffaa12b23378f559d2d59d7d5304 (patch)
tree34153c133bde5761b7000789a1c9663cf46d8d38 /OpenSim
parentRevert "Meta7 Communities : Authorization service added, skeleton, not yet fu... (diff)
downloadopensim-SC-59a536743354ffaa12b23378f559d2d59d7d5304.zip
opensim-SC-59a536743354ffaa12b23378f559d2d59d7d5304.tar.gz
opensim-SC-59a536743354ffaa12b23378f559d2d59d7d5304.tar.bz2
opensim-SC-59a536743354ffaa12b23378f559d2d59d7d5304.tar.xz
Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs
would be the IDs of the prim owners in whose prims these functions would run. This changes it so the UUID is the SCRIPT CREATOR instead. Further, osfunctions limited by uuid will not run if the creator and owner differ and the owner has mod rights on the script. There is still a danger in passing moodifiable scripts to others, as they can insert a harmful function, then remove the mod rights to make it runnable. As before, care needs to be taken, but where it was modable prims that were the risk before, modable scripts are the weak spot now. In cases where prim owner == script creator == script owner, nothing will change.
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs21
1 files changed, 18 insertions, 3 deletions
diff --git a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
index 942e4ef..8cfa833 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Api/Implementation/OSSL_Api.cs
@@ -278,10 +278,25 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
278 { 278 {
279 if (!m_FunctionPerms[function].Contains(UUID.Zero)) 279 if (!m_FunctionPerms[function].Contains(UUID.Zero))
280 { 280 {
281 if (!m_FunctionPerms[function].Contains(m_host.OwnerID)) 281 TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
282 if (ti == null)
283 {
284 OSSLError(
285 String.Format("{0} permission error. Can't find script in prim inventory.",
286 function));
287 }
288 if (!m_FunctionPerms[function].Contains(ti.CreatorID))
282 OSSLError( 289 OSSLError(
283 String.Format("{0} permission denied. Prim owner is not in the list of users allowed to execute this function.", 290 String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
284 function)); 291 function));
292 if (ti.CreatorID != ti.OwnerID)
293 {
294 if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
295 OSSLError(
296 String.Format("{0} permission denied. Script permissions error.",
297 function));
298
299 }
285 } 300 }
286 } 301 }
287 } 302 }
@@ -2141,4 +2156,4 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
2141 } 2156 }
2142 } 2157 }
2143 } 2158 }
2144} \ No newline at end of file 2159}