Fix a few permissions vulnerability. Owners could cause permissions

escalation on items contained in prims using a hacked viewer
0.7-release
Melanie Thielker 2010-07-15 20:03:08 +02:00 committed by Diva Canto
parent d93a442483
commit df55e5295f
3 changed files with 44 additions and 8 deletions

View File

@ -1339,16 +1339,45 @@ namespace OpenSim.Region.Framework.Scenes
{ {
agentTransactions.HandleTaskItemUpdateFromTransaction( agentTransactions.HandleTaskItemUpdateFromTransaction(
remoteClient, part, transactionID, currentItem); remoteClient, part, transactionID, currentItem);
}
if (part.Inventory.UpdateInventoryItem(itemInfo))
{
if ((InventoryType)itemInfo.InvType == InventoryType.Notecard) if ((InventoryType)itemInfo.InvType == InventoryType.Notecard)
remoteClient.SendAgentAlertMessage("Notecard saved", false); remoteClient.SendAgentAlertMessage("Notecard saved", false);
else if ((InventoryType)itemInfo.InvType == InventoryType.LSL) else if ((InventoryType)itemInfo.InvType == InventoryType.LSL)
remoteClient.SendAgentAlertMessage("Script saved", false); remoteClient.SendAgentAlertMessage("Script saved", false);
else else
remoteClient.SendAgentAlertMessage("Item saved", false); remoteClient.SendAgentAlertMessage("Item saved", false);
}
// Check if we're allowed to mess with permissions
if (!Permissions.IsGod(remoteClient.AgentId)) // Not a god
{
if (remoteClient.AgentId != part.OwnerID) // Not owner
{
// Friends and group members can't change any perms
itemInfo.BasePermissions = currentItem.BasePermissions;
itemInfo.EveryonePermissions = currentItem.EveryonePermissions;
itemInfo.GroupPermissions = currentItem.GroupPermissions;
itemInfo.NextPermissions = currentItem.NextPermissions;
itemInfo.CurrentPermissions = currentItem.CurrentPermissions;
}
else
{
// Owner can't change base, and can change other
// only up to base
// Base ALWAYS has move
currentItem.BasePermissions |= (uint)PermissionMask.Move;
itemInfo.BasePermissions = currentItem.BasePermissions;
itemInfo.EveryonePermissions &= currentItem.BasePermissions;
itemInfo.GroupPermissions &= currentItem.BasePermissions;
itemInfo.CurrentPermissions &= currentItem.BasePermissions;
itemInfo.NextPermissions &= currentItem.BasePermissions;
// Next ALWAYS has move
itemInfo.NextPermissions |= (uint)PermissionMask.Move;
}
}
if (part.Inventory.UpdateInventoryItem(itemInfo))
{
part.GetProperties(remoteClient); part.GetProperties(remoteClient);
} }
} }

View File

@ -4137,6 +4137,13 @@ namespace OpenSim.Region.Framework.Scenes
case 16: case 16:
_nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) & _nextOwnerMask = ApplyMask(_nextOwnerMask, set, mask) &
baseMask; baseMask;
// Prevent the client from creating no mod, no copy
// objects
if ((_nextOwnerMask & (uint)PermissionMask.Copy) == 0)
_nextOwnerMask |= (uint)PermissionMask.Transfer;
_nextOwnerMask |= (uint)PermissionMask.Move;
break; break;
} }
SendFullUpdateToAllClients(); SendFullUpdateToAllClients();

View File

@ -600,12 +600,12 @@ namespace OpenSim.Region.Framework.Scenes
item.GroupID = m_part.GroupID; item.GroupID = m_part.GroupID;
if (item.AssetID == UUID.Zero) if (item.AssetID == UUID.Zero)
item.AssetID = it.AssetID;
lock (m_items)
{ {
m_items[item.ItemID] = item; item.AssetID = m_items[item.ItemID].AssetID;
m_inventorySerial++; }
else if ((InventoryType)item.Type == InventoryType.Notecard)
{
ScenePresence presence = m_part.ParentGroup.Scene.GetScenePresence(item.OwnerID);
} }
if (fireScriptEvents) if (fireScriptEvents)