Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs
would be the IDs of the prim owners in whose prims these functions would run. This changes it so the UUID is the SCRIPT CREATOR instead. Further, osfunctions limited by uuid will not run if the creator and owner differ and the owner has mod rights on the script. There is still a danger in passing moodifiable scripts to others, as they can insert a harmful function, then remove the mod rights to make it runnable. As before, care needs to be taken, but where it was modable prims that were the risk before, modable scripts are the weak spot now. In cases where prim owner == script creator == script owner, nothing will change.soprefactor
parent
cd77648f48
commit
bfcac0ede8
|
@ -278,10 +278,25 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
||||||
{
|
{
|
||||||
if (!m_FunctionPerms[function].Contains(UUID.Zero))
|
if (!m_FunctionPerms[function].Contains(UUID.Zero))
|
||||||
{
|
{
|
||||||
if (!m_FunctionPerms[function].Contains(m_host.OwnerID))
|
TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
|
||||||
|
if (ti == null)
|
||||||
|
{
|
||||||
OSSLError(
|
OSSLError(
|
||||||
String.Format("{0} permission denied. Prim owner is not in the list of users allowed to execute this function.",
|
String.Format("{0} permission error. Can't find script in prim inventory.",
|
||||||
function));
|
function));
|
||||||
|
}
|
||||||
|
if (!m_FunctionPerms[function].Contains(ti.CreatorID))
|
||||||
|
OSSLError(
|
||||||
|
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
|
||||||
|
function));
|
||||||
|
if (ti.CreatorID != ti.OwnerID)
|
||||||
|
{
|
||||||
|
if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
|
||||||
|
OSSLError(
|
||||||
|
String.Format("{0} permission denied. Script permissions error.",
|
||||||
|
function));
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue