Changes OSSL Api permissions for the case of UUID list. In 0.6.9, the UUIDs

would be the IDs of the prim owners in whose prims these functions would
run. This changes it so the UUID is the SCRIPT CREATOR instead. Further,
osfunctions limited by uuid will not run if the creator and owner differ
and the owner has mod rights on the script.
There is still a danger in passing moodifiable scripts to others, as they
can insert a harmful function, then remove the mod rights to make it runnable.
As before, care needs to be taken, but where it was modable prims that were
the risk before, modable scripts are the weak spot now.
In cases where prim owner == script creator == script owner, nothing will
change.
soprefactor
Melanie Thielker 2010-05-30 13:46:05 +02:00 committed by Melanie
parent cd77648f48
commit bfcac0ede8
1 changed files with 18 additions and 3 deletions

View File

@ -278,10 +278,25 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
{ {
if (!m_FunctionPerms[function].Contains(UUID.Zero)) if (!m_FunctionPerms[function].Contains(UUID.Zero))
{ {
if (!m_FunctionPerms[function].Contains(m_host.OwnerID)) TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
if (ti == null)
{
OSSLError( OSSLError(
String.Format("{0} permission denied. Prim owner is not in the list of users allowed to execute this function.", String.Format("{0} permission error. Can't find script in prim inventory.",
function)); function));
}
if (!m_FunctionPerms[function].Contains(ti.CreatorID))
OSSLError(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
function));
if (ti.CreatorID != ti.OwnerID)
{
if ((ti.CurrentPermissions & (uint)PermissionMask.Modify) != 0)
OSSLError(
String.Format("{0} permission denied. Script permissions error.",
function));
}
} }
} }
} }