diff options
| author | Melanie Thielker | 2010-07-15 20:03:08 +0200 |
|---|---|---|
| committer | Melanie | 2010-07-20 21:00:56 +0100 |
| commit | 78605baab330f850f1b47d205b4041d59080a00c (patch) | |
| tree | cb6c0d2b836260cd568b45c5bdc4dca203c080a7 | |
| parent | adjust DialogModule to only send broadcast alerts to root agents (diff) | |
| download | opensim-SC_OLD-78605baab330f850f1b47d205b4041d59080a00c.zip opensim-SC_OLD-78605baab330f850f1b47d205b4041d59080a00c.tar.gz opensim-SC_OLD-78605baab330f850f1b47d205b4041d59080a00c.tar.bz2 opensim-SC_OLD-78605baab330f850f1b47d205b4041d59080a00c.tar.xz | |
Fix a few permissions vulnerability. Owners could cause permissions
escalation on items contained in prims using a hacked viewer
| -rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 35 | ||||
| -rw-r--r-- | OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | 3 | ||||
| -rw-r--r-- | OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs | 10 |
3 files changed, 40 insertions, 8 deletions
diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs index 6e73fe9..1bb7075 100644 --- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs +++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | |||
| @@ -1340,16 +1340,45 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 1340 | { | 1340 | { |
| 1341 | agentTransactions.HandleTaskItemUpdateFromTransaction( | 1341 | agentTransactions.HandleTaskItemUpdateFromTransaction( |
| 1342 | remoteClient, part, transactionID, currentItem); | 1342 | remoteClient, part, transactionID, currentItem); |
| 1343 | } | 1343 | |
| 1344 | if (part.Inventory.UpdateInventoryItem(itemInfo)) | ||
| 1345 | { | ||
| 1346 | if ((InventoryType)itemInfo.InvType == InventoryType.Notecard) | 1344 | if ((InventoryType)itemInfo.InvType == InventoryType.Notecard) |
| 1347 | remoteClient.SendAgentAlertMessage("Notecard saved", false); | 1345 | remoteClient.SendAgentAlertMessage("Notecard saved", false); |
| 1348 | else if ((InventoryType)itemInfo.InvType == InventoryType.LSL) | 1346 | else if ((InventoryType)itemInfo.InvType == InventoryType.LSL) |
| 1349 | remoteClient.SendAgentAlertMessage("Script saved", false); | 1347 | remoteClient.SendAgentAlertMessage("Script saved", false); |
| 1350 | else | 1348 | else |
| 1351 | remoteClient.SendAgentAlertMessage("Item saved", false); | 1349 | remoteClient.SendAgentAlertMessage("Item saved", false); |
| 1350 | } | ||
| 1352 | 1351 | ||
| 1352 | // Check if we're allowed to mess with permissions | ||
| 1353 | if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god | ||
| 1354 | { | ||
| 1355 | if (remoteClient.AgentId != part.OwnerID) // Not owner | ||
| 1356 | { | ||
| 1357 | // Friends and group members can't change any perms | ||
| 1358 | itemInfo.BasePermissions = currentItem.BasePermissions; | ||
| 1359 | itemInfo.EveryonePermissions = currentItem.EveryonePermissions; | ||
| 1360 | itemInfo.GroupPermissions = currentItem.GroupPermissions; | ||
| 1361 | itemInfo.NextPermissions = currentItem.NextPermissions; | ||
| 1362 | itemInfo.CurrentPermissions = currentItem.CurrentPermissions; | ||
| 1363 | } | ||
| 1364 | else | ||
| 1365 | { | ||
| 1366 | // Owner can't change base, and can change other | ||
| 1367 | // only up to base | ||
| 1368 | // Base ALWAYS has move | ||
| 1369 | currentItem.BasePermissions |= (uint)PermissionMask.Move; | ||
| 1370 | itemInfo.BasePermissions = currentItem.BasePermissions; | ||
| 1371 | itemInfo.EveryonePermissions &= currentItem.BasePermissions; | ||
| 1372 | itemInfo.GroupPermissions &= currentItem.BasePermissions; | ||
| 1373 | itemInfo.CurrentPermissions &= currentItem.BasePermissions; | ||
| 1374 | itemInfo.NextPermissions &= currentItem.BasePermissions; | ||
| 1375 | // Next ALWAYS has move | ||
| 1376 | itemInfo.NextPermissions |= (uint)PermissionMask.Move; | ||
| 1377 | } | ||
| 1378 | |||
| 1379 | } | ||
| 1380 | if (part.Inventory.UpdateInventoryItem(itemInfo)) | ||
| 1381 | { | ||
| 1353 | part.GetProperties(remoteClient); | 1382 | part.GetProperties(remoteClient); |
| 1354 | } | 1383 | } |
| 1355 | } | 1384 | } |
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs index 13e4b56..e331bb0 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | |||
| @@ -4144,6 +4144,9 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 4144 | // objects | 4144 | // objects |
| 4145 | if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0) | 4145 | if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0) |
| 4146 | _nextOwnerMask |= (uint)PermissionMask.Transfer; | 4146 | _nextOwnerMask |= (uint)PermissionMask.Transfer; |
| 4147 | |||
| 4148 | _nextOwnerMask |= (uint)PermissionMask.Move; | ||
| 4149 | |||
| 4147 | break; | 4150 | break; |
| 4148 | } | 4151 | } |
| 4149 | SendFullUpdateToAllClients(); | 4152 | SendFullUpdateToAllClients(); |
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs index 517b387..91d9be3 100644 --- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs +++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs | |||
| @@ -600,12 +600,12 @@ namespace OpenSim.Region.Framework.Scenes | |||
| 600 | item.GroupID = m_part.GroupID; | 600 | item.GroupID = m_part.GroupID; |
| 601 | 601 | ||
| 602 | if (item.AssetID == UUID.Zero) | 602 | if (item.AssetID == UUID.Zero) |
| 603 | item.AssetID = it.AssetID; | ||
| 604 | |||
| 605 | lock (m_items) | ||
| 606 | { | 603 | { |
| 607 | m_items[item.ItemID] = item; | 604 | item.AssetID = m_items[item.ItemID].AssetID; |
| 608 | m_inventorySerial++; | 605 | } |
| 606 | else if ((InventoryType)item.Type == InventoryType.Notecard) | ||
| 607 | { | ||
| 608 | ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID); | ||
| 609 | } | 609 | } |
| 610 | 610 | ||
| 611 | if (fireScriptEvents) | 611 | if (fireScriptEvents) |