Fix a few permissions vulnerability. Owners could cause permissions
escalation on items contained in prims using a hacked vieweravinationmerge
parent
ddfff55cc7
commit
8d2b4b7b48
|
@ -1359,16 +1359,45 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
{
|
||||
agentTransactions.HandleTaskItemUpdateFromTransaction(
|
||||
remoteClient, part, transactionID, currentItem);
|
||||
}
|
||||
if (part.Inventory.UpdateInventoryItem(itemInfo))
|
||||
{
|
||||
|
||||
if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)
|
||||
remoteClient.SendAgentAlertMessage("Notecard saved", false);
|
||||
else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
|
||||
remoteClient.SendAgentAlertMessage("Script saved", false);
|
||||
else
|
||||
remoteClient.SendAgentAlertMessage("Item saved", false);
|
||||
}
|
||||
|
||||
// Check if we're allowed to mess with permissions
|
||||
if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
|
||||
{
|
||||
if (remoteClient.AgentId != part.OwnerID) // Not owner
|
||||
{
|
||||
// Friends and group members can't change any perms
|
||||
itemInfo.BasePermissions = currentItem.BasePermissions;
|
||||
itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
|
||||
itemInfo.GroupPermissions = currentItem.GroupPermissions;
|
||||
itemInfo.NextPermissions = currentItem.NextPermissions;
|
||||
itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Owner can't change base, and can change other
|
||||
// only up to base
|
||||
// Base ALWAYS has move
|
||||
currentItem.BasePermissions |= (uint)PermissionMask.Move;
|
||||
itemInfo.BasePermissions = currentItem.BasePermissions;
|
||||
itemInfo.EveryonePermissions &= currentItem.BasePermissions;
|
||||
itemInfo.GroupPermissions &= currentItem.BasePermissions;
|
||||
itemInfo.CurrentPermissions &= currentItem.BasePermissions;
|
||||
itemInfo.NextPermissions &= currentItem.BasePermissions;
|
||||
// Next ALWAYS has move
|
||||
itemInfo.NextPermissions |= (uint)PermissionMask.Move;
|
||||
}
|
||||
|
||||
}
|
||||
if (part.Inventory.UpdateInventoryItem(itemInfo))
|
||||
{
|
||||
part.GetProperties(remoteClient);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4156,6 +4156,9 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
// objects
|
||||
if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
|
||||
_nextOwnerMask |= (uint)PermissionMask.Transfer;
|
||||
|
||||
_nextOwnerMask |= (uint)PermissionMask.Move;
|
||||
|
||||
break;
|
||||
}
|
||||
SendFullUpdateToAllClients();
|
||||
|
|
|
@ -762,12 +762,6 @@ namespace OpenSim.Region.Framework.Scenes
|
|||
else if ((InventoryType)item.Type == InventoryType.Notecard)
|
||||
{
|
||||
ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
|
||||
|
||||
if (presence != null)
|
||||
{
|
||||
presence.ControllingClient.SendAgentAlertMessage(
|
||||
"Notecard saved", false);
|
||||
}
|
||||
}
|
||||
|
||||
m_items[item.ItemID] = item;
|
||||
|
|
Loading…
Reference in New Issue