OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix an obscure permissions exploit. Taking items from a friend's prim could 

possibly result in a privilege escalation
avinationmerge
Melanie Thielker 2014-10-16 03:53:56 +02:00
parent bfb5185747
commit 14259b5f99
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
OpenSim/Region/Framework/Scenes/Scene.Inventory.cs
View File

@ -1236,17 +1236,15 @@ namespace OpenSim.Region.Framework.Scenes
agentItem.BasePermissions = taskItem.BasePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move); agentItem.BasePermissions = taskItem.BasePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move);
if (taskItem.InvType == (int)InventoryType.Object) if (taskItem.InvType == (int)InventoryType.Object)
{ {
uint perms = taskItem.CurrentPermissions; uint perms = taskItem.BasePermissions & taskItem.NextPermissions;
PermissionsUtil.ApplyFoldedPermissions(taskItem.CurrentPermissions, ref perms); PermissionsUtil.ApplyFoldedPermissions(taskItem.CurrentPermissions, ref perms);
// agentItem.BasePermissions = perms | (uint)PermissionMask.Move; // agentItem.BasePermissions = perms | (uint)PermissionMask.Move;
// agentItem.CurrentPermissions = agentItem.BasePermissions; // agentItem.CurrentPermissions = agentItem.BasePermissions;
agentItem.CurrentPermissions = perms | (uint)PermissionMask.Move; agentItem.BasePermissions = perms | (uint)PermissionMask.Move;
}
else
{
agentItem.CurrentPermissions = agentItem.BasePermissions & taskItem.CurrentPermissions;
} }
agentItem.CurrentPermissions = agentItem.BasePermissions;
agentItem.Flags |= (uint)InventoryItemFlags.ObjectSlamPerm; agentItem.Flags |= (uint)InventoryItemFlags.ObjectSlamPerm;
agentItem.NextPermissions = taskItem.NextPermissions; agentItem.NextPermissions = taskItem.NextPermissions;
agentItem.EveryOnePermissions = taskItem.EveryonePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move); agentItem.EveryOnePermissions = taskItem.EveryonePermissions & (taskItem.NextPermissions | (uint)PermissionMask.Move);