All Projects apt-panopticon  apt-panopticon_cgp boxes meta-impy  ImpyReleaseBuilder NPC-tool SledjHamr  IGnoble  NGIW  opensim-SC toyboxInstaller website - cgit website - CGraphz website - Mantis

View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000247opensim-SCBugpublic2021-06-16 08:542021-08-03 02:00
Reporteronefang Assigned Toonefang  
PriorityimmediateSeveritymajorReproducibilitysometimes
Status resolvedResolutionfixed 
Product Version0.9.0.2 
Target Version0.9.1.1Fixed in Version0.9.1.1 
Summary0000247: Anyone can drag stuff out of boxes they don't own, to places they have no create rights, then edit them.
DescriptionReported by Syldra.
Steps To ReproduceGo to Destiny Shopping sim.
"stuff Ethan imported 06-30-2019 - potted plants" (which isn't owned by you)
Drag things out of that and onto the floor.
Edit the things.
Click the New Script button, see the New Script appear in the contents, see the "script running" output.
Delete the things.
Additional InformationThe object remains the same owner, though you can edit it.
You can't edit other stuff owned by the same person.
TagsNo tags attached.

Activities

onefang

onefang

2021-06-16 08:57

administrator   ~0000345

Note, this is non gods allowed to do this.
onefang

onefang

2021-06-16 09:03

administrator   ~0000346

Still broken in 0.9.1.1
onefang

onefang

2021-06-16 09:15

administrator   ~0000347

Korgi reports it's still broken in 0.9.2.
onefang

onefang

2021-06-16 11:50

administrator   ~0000349

Last edited: 2021-06-16 11:54

it seems that this bug only occurs with items that are set to "anyone can copy" or atleast that's the case in MG anyways.That seems to be the key here.

Korgi

So the dragging out bit isn't really a bug, coz that makes sense. It's the ownership not changing that's the bug. Coz the person that put it in the shop in the first place has creation rights in that sim.

And hence after changing owner, it should refuse to rez if the new owner doesn't have create rights. But they should be able to drag directly to their own inventory. That still leaves the "you now have a glitchy object on the floor / in your inventory" part.
onefang

onefang

2021-06-21 20:02

administrator   ~0000354

Since it only affects objects that are set to "anyone can copy" it seems like more or less the intended function so there's not much really too fix. Davey ended up sending a bug report about it to core anyways though.

Korgi
onefang

onefang

2021-07-07 02:03

administrator   ~0000407

It's the "then edit it" part that is a security bug.
onefang

onefang

2021-07-07 02:34

administrator   ~0000408


http://opensimulator.org/mantis/view.php?id=8900 That's th link, but he says since it is a security issue it's hidden from public view so you need to be able to login to see it.

Korgi
onefang

onefang

2021-08-03 02:00

administrator   ~0000461

Backported from 0.9.2 fix owner on user rez from a prim inventory to ground

Issue History

Date Modified Username Field Change
2021-06-16 08:54 onefang New Issue
2021-06-16 08:54 onefang Status new => assigned
2021-06-16 08:54 onefang Assigned To => onefang
2021-06-16 08:57 onefang Note Added: 0000345
2021-06-16 09:03 onefang Note Added: 0000346
2021-06-16 09:03 onefang Summary Anyone can drag stuff out of boxes they don't own to places they have no edit rights, then edit them. => Anyone can drag stuff out of boxes they don't own to places they have no createrights, then edit them.
2021-06-16 09:14 onefang Steps to Reproduce Updated
2021-06-16 09:15 onefang Note Added: 0000347
2021-06-16 09:16 onefang Summary Anyone can drag stuff out of boxes they don't own to places they have no createrights, then edit them. => Anyone can drag stuff out of boxes they don't own, to places they have no create rights, then edit them.
2021-06-16 11:50 onefang Note Added: 0000349
2021-06-16 11:54 onefang Note Edited: 0000349
2021-06-21 20:02 onefang Note Added: 0000354
2021-07-07 02:03 onefang Note Added: 0000407
2021-07-07 02:34 onefang Note Added: 0000408
2021-07-07 03:00 onefang View Status public => private
2021-08-03 02:00 onefang Status assigned => resolved
2021-08-03 02:00 onefang Resolution open => fixed
2021-08-03 02:00 onefang Fixed in Version => 0.9.1.1
2021-08-03 02:00 onefang Note Added: 0000461
2021-08-03 02:00 onefang View Status private => public