From df55e5295fe029a9a7d23f71263cbf72c8921884 Mon Sep 17 00:00:00 2001
From: Melanie Thielker
Date: Thu, 15 Jul 2010 20:03:08 +0200
Subject: Fix a few permissions vulnerability. Owners could cause permissions
 escalation on items contained in prims using a hacked viewer

---
 OpenSim/Region/Framework/Scenes/SceneObjectPart.cs | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'OpenSim/Region/Framework/Scenes/SceneObjectPart.cs')

diff --git a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
index 59fd805..6e29312 100644
--- a/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
+++ b/OpenSim/Region/Framework/Scenes/SceneObjectPart.cs
@@ -4137,6 +4137,13 @@ namespace OpenSim.Region.Framework.Scenes
                     case 16:
                         _nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) &
                                 baseMask;
+                        // Prevent the client from creating no mod, no copy
+                        // objects
+                        if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
+                            _nextOwnerMask |= (uint)PermissionMask.Transfer;
+
+                        _nextOwnerMask |= (uint)PermissionMask.Move;
+
                         break;
                 }
                 SendFullUpdateToAllClients();
-- 
cgit v1.1