From 8d2b4b7b487f7a35b610d894c03619e638866473 Mon Sep 17 00:00:00 2001
From: Melanie Thielker
Date: Thu, 15 Jul 2010 20:03:08 +0200
Subject: Fix a few permissions vulnerabilities. Owners could cause permissions
 escalation on items contained in prims using a hacked viewer

---
 OpenSim/Region/Framework/Scenes/Scene.Inventory.cs | 35 ++++++++++++++++++++--
 OpenSim/Region/Framework/Scenes/SceneObjectPart.cs |  3 ++
 .../Framework/Scenes/SceneObjectPartInventory.cs   |  6 ----
 3 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
index c77efc7..e1674be 100644
--- a/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
+++ b/OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
@@ -1359,16 +1359,45 @@ namespace OpenSim.Region.Framework.Scenes
                     {
                         agentTransactions.HandleTaskItemUpdateFromTransaction(
                             remoteClient, part, transactionID, currentItem);
-                    }
-                    if (part.Inventory.UpdateInventoryItem(itemInfo))
-                    {
+
                         if ((InventoryType)itemInfo.InvType == InventoryType.Notecard) 
                             remoteClient.SendAgentAlertMessage("Notecard saved", false);
                         else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
                             remoteClient.SendAgentAlertMessage("Script saved", false);
                         else
                             remoteClient.SendAgentAlertMessage("Item saved", false);
+                    }
 
+                    // Check if we're allowed to mess with permissions
+                    if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
+                    {
+                        if (remoteClient.AgentId != part.OwnerID) // Not owner
+                        {
+                            // Friends and group members can't change any perms
+                            itemInfo.BasePermissions = currentItem.BasePermissions;
+                            itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
+                            itemInfo.GroupPermissions = currentItem.GroupPermissions;
+                            itemInfo.NextPermissions = currentItem.NextPermissions;
+                            itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
+                        }
+                        else
+                        {
+                            // Owner can't change base, and can change other
+                            // only up to base
+                            // Base ALWAYS has move
+                            currentItem.BasePermissions |= (uint)PermissionMask.Move;
+                            itemInfo.BasePermissions = currentItem.BasePermissions;
+                            itemInfo.EveryonePermissions &= currentItem.BasePermissions;
+                            itemInfo.GroupPermissions &= currentItem.BasePermissions;
+                            itemInfo.CurrentPermissions &= currentItem.BasePermissions;
+                            itemInfo.NextPermissions &= currentItem.BasePermissions;
+                            // Next ALWAYS has move
+                            itemInfo.NextPermissions |= (uint)PermissionMask.Move;
+                        }
+
+                    }
+                    if (part.Inventory.UpdateInventoryItem(itemInfo))
+                    {
                         part.GetProperties(remoteClient);
                     }
                 }
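Review bot: The "Notecard saved" / "Script saved" / "Item saved" alerts now fire inside the transaction branch, before `part.Inventory.UpdateInventoryItem(itemInfo)` has run, so the client is told the item was saved even when the update returns false. Because the new clamping sits between the alert and the update, the masks the viewer requested may also differ from what is stored, and only `part.GetProperties(remoteClient)` is still gated on success. I would record the transaction path in a local (`bool fromTransaction = true;`) and send the alert from the success branch, guarded by `if (fromTransaction)`. Separately, `currentItem.BasePermissions |= (uint)PermissionMask.Move;` writes to the existing item rather than to `itemInfo`; if `currentItem` is the live inventory entry (not visible here), that write takes effect even when the update fails. The enclosing method starts and ends outside the hunk.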
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
index 87b2d74..b19c443 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4156,6 +4156,9 @@ namespace OpenSim.Region.Framework.Scenes
                         // objects
                         if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
                             _nextOwnerMask |= (uint)PermissionMask.Transfer;
+
+                        _nextOwnerMask |= (uint)PermissionMask.Move;
+
                         break;
                 }
                 SendFullUpdateToAllClients();
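Review bot: The added `_nextOwnerMask |= (uint)PermissionMask.Move;` has no comment explaining why Move is forced, unlike the matching lines in Scene.Inventory.cs; a one-line `// Next owner ALWAYS has move` above it would keep the invariant discoverable. The line appears just before the `break;` of a single switch case, and the other cases and the method's start are outside the hunk. It is worth confirming that no other path in this method can store a next-owner mask without Move. Scene.Inventory.cs also forces Move on the base mask, so check whether `_baseMask` needs the same treatment here.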
diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
index 0066158..2a3727a 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPartInventory.cs
@@ -762,12 +762,6 @@ namespace OpenSim.Region.Framework.Scenes
                 else if ((InventoryType)item.Type == InventoryType.Notecard)
                 {
                     ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
-
-                    if (presence != null)
-                    {
-                        presence.ControllingClient.SendAgentAlertMessage(
-                                "Notecard saved", false);
-                    }
                 }
 
                 m_items[item.ItemID] = item;
-- 
cgit v1.1