author | Melanie Thielker | 2010-07-15 20:03:08 +0200 |
---|---|---|
committer | Diva Canto | 2010-07-20 14:52:25 -0700 |
commit | df55e5295fe029a9a7d23f71263cbf72c8921884 (patch) | |
tree | c5ea67b534a225b1e1c99f22dac015f51cb19a1d /OpenSim/Region | |
parent | Relaxed the ultra-conservative lock on m_items. Needs testing under linux and... (diff) | |
Fix a few permissions vulnerabilities. Owners could cause permissions
escalation on items contained in prims using a hacked viewer
Diffstat (limited to 'OpenSim/Region')
-rw-r--r-- | OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 35 | ||||
-rw-r--r-- | OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | 7 | ||||
-rw-r--r-- | OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs | 10 |
3 files changed, 44 insertions, 8 deletions
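--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1339,16 +1339,45 @@ namespace OpenSim.Region.Framework.Scenes
 {
 agentTransactions.HandleTaskItemUpdateFromTransaction(
 remoteClient, part, transactionID, currentItem);
-}
-if (part.Inventory.UpdateInventoryItem(itemInfo))
-{
+
 if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)
 remoteClient.SendAgentAlertMessage("Notecard saved", false);
 else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
 remoteClient.SendAgentAlertMessage("Script saved", false);
 else
 remoteClient.SendAgentAlertMessage("Item saved", false);
+}
 
+// Check if we're allowed to mess with permissions
+if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
+{
+if (remoteClient.AgentId != part.OwnerID) // Not owner
+{
+// Friends and group members can't change any perms
+itemInfo.BasePermissions = currentItem.BasePermissions;
+itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
+itemInfo.GroupPermissions = currentItem.GroupPermissions;
+itemInfo.NextPermissions = currentItem.NextPermissions;
+itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
+}
+else
+{
+// Owner can't change base, and can change other
+// only up to base
+// Base ALWAYS has move
+currentItem.BasePermissions |= (uint)PermissionMask.Move;
+itemInfo.BasePermissions = currentItem.BasePermissions;
+itemInfo.EveryonePermissions &= currentItem.BasePermissions;
+itemInfo.GroupPermissions &= currentItem.BasePermissions;
+itemInfo.CurrentPermissions &= currentItem.BasePermissions;
+itemInfo.NextPermissions &= currentItem.BasePermissions;
+// Next ALWAYS has move
+itemInfo.NextPermissions |= (uint)PermissionMask.Move;
+}
+
+}
+if (part.Inventory.UpdateInventoryItem(itemInfo))
+{
 part.GetProperties(remoteClient);
 }
 }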
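Review bot: The "Notecard saved" / "Script saved" / "Item saved" alerts now run before `part.Inventory.UpdateInventoryItem(itemInfo)` is called, so the client is told the save succeeded even when that call returns false. They sat inside the success branch before this change and should move back under `if (part.Inventory.UpdateInventoryItem(itemInfo))`. In the owner branch, `currentItem.BasePermissions |= (uint)PermissionMask.Move;` also writes to the stored item as a side effect of a client request, before the update is known to succeed; taking the ceiling into a local, `uint baseCeiling = currentItem.BasePermissions | (uint)PermissionMask.Move;`, and masking against that keeps the clamp free of side effects. The clamp covers only the five permission masks, so whether other client-supplied fields on `itemInfo` need the same treatment has to be checked in the part of the method that lies outside this hunk.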
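--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4137,6 +4137,13 @@ namespace OpenSim.Region.Framework.Scenes
 case 16:
 _nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) &
 baseMask;
+// Prevent the client from creating no mod, no copy
+// objects
+if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
+_nextOwnerMask |= (uint)PermissionMask.Transfer;
+
+_nextOwnerMask |= (uint)PermissionMask.Move;
+
 break;
 }
 SendFullUpdateToAllClients();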
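Review bot: The two fix-ups in `case 16` are OR-ed in after the `& baseMask` clamp, so `_nextOwnerMask` can end up carrying `Transfer` or `Move` bits that `baseMask` does not have. If next-owner permissions are meant to stay a subset of base, the code needs a comment stating why exceeding base is harmless here, or the invariant should be restored another way. The comment also says "no mod, no copy" while the code tests `Copy` and sets `Transfer`, so it should read `// Prevent the client from creating no copy, no transfer objects`. The enclosing switch and method start outside the hunk.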
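--- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -600,12 +600,12 @@ namespace OpenSim.Region.Framework.Scenes
 item.GroupID = m_part.GroupID;
 
 if (item.AssetID == UUID.Zero)
-item.AssetID = it.AssetID;
-
-lock (m_items)
 {
-m_items[item.ItemID] = item;
-m_inventorySerial++;
+item.AssetID = m_items[item.ItemID].AssetID;
+}
+else if ((InventoryType)item.Type == InventoryType.Notecard)
+{
+ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
 }
 
 if (fireScriptEvents)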
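Review bot: The new side of this hunk no longer contains `m_items[item.ItemID] = item;` or `m_inventorySerial++;`, nor the `lock (m_items)` that guarded them, and nothing visible before `if (fireScriptEvents)` puts them back. As shown, the updated item, including the permission masks the caller has just clamped, would never be stored, so the permission fix would depend on a write that is gone. The block `lock (m_items) { m_items[item.ItemID] = item; m_inventorySerial++; }` should be restored after the `else if`. The new read `m_items[item.ItemID].AssetID` also happens outside any lock visible here, and `presence` is assigned but not used within the hunk. The method begins and continues outside the hunk, so a key check or the missing store may exist there.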