Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002670opensim[REGION] OpenSim Corepublic2008-11-22 08:202011-12-12 10:34
Reportermirceakitsune 
Assigned To 
PriorityurgentSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformPentium 4OSWindows XP Media CenterOS VersionSP3 32bit
Product Version 
Target VersionFixed in Version 
Summary0002670: Possible griefing method - Unlinking a linkset with child prims stretching to a neighbor causes prims to project to neighbor
DescriptionA few days ago a griefer put a primitive with offending images into my sim. I tried to delete it and restore sim backups but soon found out that the primitive, which technically and in-world is totally into my sim, is not considered to be on my sim and I didn't have rights to delete it nor restoring my sim helped. I tried to see how the griefer managed to put a single primitive over my region and have that primitive not considered to be on it and found out the security issue which can allow doing such a thing;

Create a longer linkset of two prims... say 40m from one another. Now move that linkset so that the child prim in it reaches into a neighboring sim but the center of the linkset and the main prim remain in the same region (just move the center of the linkset close to the border but don't cross it). Now unlink the object and delete the prim which was the main prim and remained in your region. Issue: The prim which was the child prim and got unlinked while being into the neighboring region remains in the neighboring region but is considered to be into the region the linkset was in before unlinked. Basically, the owner of that region still has rights over the prim and the prim is still stored in it while the prim entirely sits in the neighbor.

Since my neighbor allows building but has serverside_object_permissions set to TRUE, the griefer managed to put the offending single primitive into my sim and have me unable to delete it because, even if the primitive is into my sim, it remains stored and considered to be in my neighbor. Basically, when unlinking an object and child prims that stretched to a neighbor are unlinked too, they are offset out of bounds in to the neighboring region but still stored / considered in the region the linkset was in.
Steps To Reproduce2nd paragraph in the Description field above.
Additional InformationPossible ways to solve this;

1 - Not allow an object to push only child prims past the border, and if border crossing is enabled either cross the object all the way past or not. Maybe only if the neighboring parcel has "Object Entry" disabled? Not most recommended in my opinion.

2 - Not allow unlinking an object if the entire object isn't sitting in the same region and has child prims poking out into a neighbor or out of bounds.

3 - If an object which has child prims stretched to a neighbor is unlinked, the child prims would jump back at the border limit into the sim the linkset was in so they remain in the same region.

4 - As long as "Object Entry" is not disabled on the parcel of the neighbor the linkset stretches in, the unlinked child prims are correctly border-crossed to your that neighbor once they are no longer part of the linkset which was sitting its neighboring sim.
TagsNo tags attached.
Git Revision or version number
Run Mode Grid (1 Region per Sim)
Physics EngineODE
Script Engine
Environment.NET / Windows32
Mono VersionNone
Viewer
Attached Files

- Relationships
child of 0002870new META - Linking issues 

-  Notes
(0007273)
melanie (administrator)
2008-11-22 08:23

0000004 is the correct way to handle this. The current state (e.g. allowing out-of-sim coordinates on a root prim) is totally unacceptable.
(0012453)
mirceakitsune (reporter)
2009-07-15 09:21

Tested again in rev 10027, so far this is still possible.
(0020507)
mirceakitsune (reporter)
2011-12-12 08:00

Tested this again with my r/17539 sim on a neighbor. Although dragging a single object across borders deleted / returned my object, the linkset trick still works, and can be used to position a prim < 0 or > 255 making it show in someone else's region.
(0020513)
Bo Iwu (reporter)
2011-12-12 10:34

Not sure, but isn't this related to the "megaregion hack"? I hoped it is in "non-continuous" mode disabled.

- Issue History
Date Modified Username Field Change
2008-11-22 08:20 mirceakitsune New Issue
2008-11-22 08:20 mirceakitsune SVN Revision => 7422
2008-11-22 08:20 mirceakitsune Run Mode => Grid (1 Region per Sim)
2008-11-22 08:20 mirceakitsune Physics Engine => ODE
2008-11-22 08:20 mirceakitsune Environment => .NET / Windows32
2008-11-22 08:20 mirceakitsune Priority normal => immediate
2008-11-22 08:22 mirceakitsune Category [GRID] Asset Server => [REGION] OpenSim Core
2008-11-22 08:23 melanie Note Added: 0007273
2008-12-18 13:12 Teravus Relationship added child of 0002870
2009-07-15 09:21 mirceakitsune Note Added: 0012453
2009-07-15 09:22 mirceakitsune Mono Version => None
2009-07-15 09:22 mirceakitsune Priority immediate => urgent
2011-12-12 08:00 mirceakitsune Note Added: 0020507
2011-12-12 10:34 Bo Iwu Note Added: 0020513


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker