Fix a few permissions vulnerability. Owners could cause permissions

escalation on items contained in prims using a hacked viewer
author: Melanie Thielker 2010-07-15 20:03:08 +0200
committer: Diva Canto 2010-07-20 14:52:25 -0700
commit: df55e5295fe029a9a7d23f71263cbf72c8921884 (patch)
tree: c5ea67b534a225b1e1c99f22dac015f51cb19a1d
parent: Relaxed the ultra-conservative lock on m_items. Needs testing under linux and... (diff)
download: opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.zip
opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.tar.gz
opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.tar.bz2
opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.tar.xz
3 files changed, 44 insertions, 8 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index 96a9d97..5f41f4b 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1339,16 +1339,45 @@ namespace OpenSim.Region.Framework.Scenes
                    {
                        agentTransactions.HandleTaskItemUpdateFromTransaction(
                            remoteClient, part, transactionID, currentItem);
-                    }
-                    if (part.Inventory.UpdateInventoryItem(itemInfo))
-                    {
                        if ((InventoryType)itemInfo.InvType == InventoryType.Notecard) 
                            remoteClient.SendAgentAlertMessage("Notecard saved", false);
                        else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
                            remoteClient.SendAgentAlertMessage("Script saved", false);
                        else
                            remoteClient.SendAgentAlertMessage("Item saved", false);
+                    }
+                    // Check if we're allowed to mess with permissions
+                    if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
+                    {
+                        if (remoteClient.AgentId != part.OwnerID) // Not owner
+                        {
+                            // Friends and group members can't change any perms
+                            itemInfo.BasePermissions = currentItem.BasePermissions;
+                            itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
+                            itemInfo.GroupPermissions = currentItem.GroupPermissions;
+                            itemInfo.NextPermissions = currentItem.NextPermissions;
+                            itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
+                        }
+                        else
+                        {
+                            // Owner can't change base, and can change other
+                            // only up to base
+                            // Base ALWAYS has move
+                            currentItem.BasePermissions |= (uint)PermissionMask.Move;
+                            itemInfo.BasePermissions = currentItem.BasePermissions;
+                            itemInfo.EveryonePermissions &= currentItem.BasePermissions;
+                            itemInfo.GroupPermissions &= currentItem.BasePermissions;
+                            itemInfo.CurrentPermissions &= currentItem.BasePermissions;
+                            itemInfo.NextPermissions &= currentItem.BasePermissions;
+                            // Next ALWAYS has move
+                            itemInfo.NextPermissions |= (uint)PermissionMask.Move;
+                        }
+                    }
+                    if (part.Inventory.UpdateInventoryItem(itemInfo))
+                    {
                        part.GetProperties(remoteClient);
                    }
                }
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
index 59fd805..6e29312 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4137,6 +4137,13 @@ namespace OpenSim.Region.Framework.Scenes
                    case 16:
                        _nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) &
                                baseMask;
+                        // Prevent the client from creating no mod, no copy
+                        // objects
+                        if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
+                            _nextOwnerMask |= (uint)PermissionMask.Transfer;
+                        _nextOwnerMask |= (uint)PermissionMask.Move;
                        break;
                }
                SendFullUpdateToAllClients();
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
index 20d5486..0ec15c1 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -600,12 +600,12 @@ namespace OpenSim.Region.Framework.Scenes
                    item.GroupID = m_part.GroupID;
                        
                if (item.AssetID == UUID.Zero)
-                    item.AssetID = it.AssetID;
-                lock (m_items)
                {
-                    m_items[item.ItemID] = item;
+                    item.AssetID = m_items[item.ItemID].AssetID;
-                    m_inventorySerial++;
+                }
+                else if ((InventoryType)item.Type == InventoryType.Notecard)
+                {
+                    ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
                }
                if (fireScriptEvents)
author	Melanie Thielker	2010-07-15 20:03:08 +0200
committer	Diva Canto	2010-07-20 14:52:25 -0700
commit	df55e5295fe029a9a7d23f71263cbf72c8921884 (patch)
tree	c5ea67b534a225b1e1c99f22dac015f51cb19a1d
parent	Relaxed the ultra-conservative lock on m_items. Needs testing under linux and... (diff)
download	opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.zip opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.tar.gz opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.tar.bz2 opensim-SC_OLD-df55e5295fe029a9a7d23f71263cbf72c8921884.tar.xz

diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 96a9d97..5f41f4b 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1339,16 +1339,45 @@ namespace OpenSim.Region.Framework.Scenes
1339	{	1339	{
1340	agentTransactions.HandleTaskItemUpdateFromTransaction(	1340	agentTransactions.HandleTaskItemUpdateFromTransaction(
1341	remoteClient, part, transactionID, currentItem);	1341	remoteClient, part, transactionID, currentItem);
1342	}	1342
1343	if (part.Inventory.UpdateInventoryItem(itemInfo))
1344	{
1345	if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)	1343	if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)
1346	remoteClient.SendAgentAlertMessage("Notecard saved", false);	1344	remoteClient.SendAgentAlertMessage("Notecard saved", false);
1347	else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)	1345	else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
1348	remoteClient.SendAgentAlertMessage("Script saved", false);	1346	remoteClient.SendAgentAlertMessage("Script saved", false);
1349	else	1347	else
1350	remoteClient.SendAgentAlertMessage("Item saved", false);	1348	remoteClient.SendAgentAlertMessage("Item saved", false);
		1349	}
1351		1350
		1351	// Check if we're allowed to mess with permissions
		1352	if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
		1353	{
		1354	if (remoteClient.AgentId != part.OwnerID) // Not owner
		1355	{
		1356	// Friends and group members can't change any perms
		1357	itemInfo.BasePermissions = currentItem.BasePermissions;
		1358	itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
		1359	itemInfo.GroupPermissions = currentItem.GroupPermissions;
		1360	itemInfo.NextPermissions = currentItem.NextPermissions;
		1361	itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
		1362	}
		1363	else
		1364	{
		1365	// Owner can't change base, and can change other
		1366	// only up to base
		1367	// Base ALWAYS has move
		1368	currentItem.BasePermissions \|= (uint)PermissionMask.Move;
		1369	itemInfo.BasePermissions = currentItem.BasePermissions;
		1370	itemInfo.EveryonePermissions &= currentItem.BasePermissions;
		1371	itemInfo.GroupPermissions &= currentItem.BasePermissions;
		1372	itemInfo.CurrentPermissions &= currentItem.BasePermissions;
		1373	itemInfo.NextPermissions &= currentItem.BasePermissions;
		1374	// Next ALWAYS has move
		1375	itemInfo.NextPermissions \|= (uint)PermissionMask.Move;
		1376	}
		1377
		1378	}
		1379	if (part.Inventory.UpdateInventoryItem(itemInfo))
		1380	{
1352	part.GetProperties(remoteClient);	1381	part.GetProperties(remoteClient);
1353	}	1382	}
1354	}	1383	}


diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index 59fd805..6e29312 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4137,6 +4137,13 @@ namespace OpenSim.Region.Framework.Scenes
4137	case 16:	4137	case 16:
4138	_nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) &	4138	_nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) &
4139	baseMask;	4139	baseMask;
		4140	// Prevent the client from creating no mod, no copy
		4141	// objects
		4142	if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
		4143	_nextOwnerMask \|= (uint)PermissionMask.Transfer;
		4144
		4145	_nextOwnerMask \|= (uint)PermissionMask.Move;
		4146
4140	break;	4147	break;
4141	}	4148	}
4142	SendFullUpdateToAllClients();	4149	SendFullUpdateToAllClients();


diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 20d5486..0ec15c1 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -600,12 +600,12 @@ namespace OpenSim.Region.Framework.Scenes
600	item.GroupID = m_part.GroupID;	600	item.GroupID = m_part.GroupID;
601		601
602	if (item.AssetID == UUID.Zero)	602	if (item.AssetID == UUID.Zero)
603	item.AssetID = it.AssetID;
604
605	lock (m_items)
606	{	603	{
607	m_items[item.ItemID] = item;	604	item.AssetID = m_items[item.ItemID].AssetID;
608	m_inventorySerial++;	605	}
		606	else if ((InventoryType)item.Type == InventoryType.Notecard)
		607	{
		608	ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
609	}	609	}
610		610
611	if (fireScriptEvents)	611	if (fireScriptEvents)