Fix a few permissions vulnerability. Owners could cause permissions

escalation on items contained in prims using a hacked viewer
avinationmerge
Melanie Thielker 2010-07-15 20:03:08 +02:00
parent ddfff55cc7
commit 8d2b4b7b48
3 changed files with 35 additions and 9 deletions

View File

@ -1359,16 +1359,45 @@ namespace OpenSim.Region.Framework.Scenes
{
agentTransactions.HandleTaskItemUpdateFromTransaction(
remoteClient, part, transactionID, currentItem);
}
if (part.Inventory.UpdateInventoryItem(itemInfo))
{
if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)
remoteClient.SendAgentAlertMessage("Notecard saved", false);
else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
remoteClient.SendAgentAlertMessage("Script saved", false);
else
remoteClient.SendAgentAlertMessage("Item saved", false);
}
// Check if we're allowed to mess with permissions
if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
{
if (remoteClient.AgentId != part.OwnerID) // Not owner
{
// Friends and group members can't change any perms
itemInfo.BasePermissions = currentItem.BasePermissions;
itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
itemInfo.GroupPermissions = currentItem.GroupPermissions;
itemInfo.NextPermissions = currentItem.NextPermissions;
itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
}
else
{
// Owner can't change base, and can change other
// only up to base
// Base ALWAYS has move
currentItem.BasePermissions |= (uint)PermissionMask.Move;
itemInfo.BasePermissions = currentItem.BasePermissions;
itemInfo.EveryonePermissions &= currentItem.BasePermissions;
itemInfo.GroupPermissions &= currentItem.BasePermissions;
itemInfo.CurrentPermissions &= currentItem.BasePermissions;
itemInfo.NextPermissions &= currentItem.BasePermissions;
// Next ALWAYS has move
itemInfo.NextPermissions |= (uint)PermissionMask.Move;
}
}
if (part.Inventory.UpdateInventoryItem(itemInfo))
{
part.GetProperties(remoteClient);
}
}

View File

@ -4156,6 +4156,9 @@ namespace OpenSim.Region.Framework.Scenes
// objects
if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
_nextOwnerMask |= (uint)PermissionMask.Transfer;
_nextOwnerMask |= (uint)PermissionMask.Move;
break;
}
SendFullUpdateToAllClients();

View File

@ -762,12 +762,6 @@ namespace OpenSim.Region.Framework.Scenes
else if ((InventoryType)item.Type == InventoryType.Notecard)
{
ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
if (presence != null)
{
presence.ControllingClient.SendAgentAlertMessage(
"Notecard saved", false);
}
}
m_items[item.ItemID] = item;