[JIRA] Updated: (SVC-5054) No-Modify object is modifiable: anyone can disassemble and steal its contents

Nicole Lassally (JIRA) no-reply at lindenlab.cascadeo.com
Mon Nov 16 18:04:02 PST 2009


     [ http://jira.secondlife.com/browse/SVC-5054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicole Lassally updated SVC-5054:
---------------------------------

    Description: 
To reproduce permission bug:
* Create an object
* Set permission to copy-only (no-modify and no-transfer)
* Put anything into its content with any permission, i.e., create a script with no-permission or drop an object with no-permission.
* Give this object to someone
* Once delivered, rez the object in-world and open its content
* Copy all its contents (scripts including) into inventory
* The contents deliver into inventory

This means that anyone can disassemble all the scripts, texture or anything inside out of an NO-MODIFY object, and steal them from the object and use them on other object even when the object is no-modify supposedly!

No-mod does not allow anyone to unlink or edit any of the prims in the object, but why does it allow people to dissemble its content and remove them out of the content and put it in the inventory and then use those parts to build their own object?  That is not what NO-MODIFY means.

  was:
To reproduce permission bug:
* Create an object
* Set permission to copy-only (no-modify and no-transfer)
* Put anything into its content with any permission, i.e., create a script with no-permission or drop an object with no-permission.
* Give this object to someone
* Once delivered, rez the object in-world and open its content
* Copy all its contents (scripts including) into inventory
* The contents deliver into inventory

This means that anyone can disassemble all the scripts, texture or anything inside out of an NO-MODIFY object, and steal them even when the object is no-modify!

No-mod does not allow anyone to unlink or edit any of the prims in the object, but why does it allow people to dissemble its content and remove them out of the content and put it in the inventory and then use those parts to build their own object?  That is not what NO-MODIFY means.


> No-Modify object is modifiable: anyone can disassemble and steal its contents
> -----------------------------------------------------------------------------
>
>                 Key: SVC-5054
>                 URL: http://jira.secondlife.com/browse/SVC-5054
>             Project: 2. Second Life Service - SVC
>          Issue Type: Bug
>          Components: Permissions
>    Affects Versions: 1.32 Server
>            Reporter: Nicole Lassally
>            Priority: Major
>
> To reproduce permission bug:
> * Create an object
> * Set permission to copy-only (no-modify and no-transfer)
> * Put anything into its content with any permission, i.e., create a script with no-permission or drop an object with no-permission.
> * Give this object to someone
> * Once delivered, rez the object in-world and open its content
> * Copy all its contents (scripts including) into inventory
> * The contents deliver into inventory
> This means that anyone can disassemble all the scripts, texture or anything inside out of an NO-MODIFY object, and steal them from the object and use them on other object even when the object is no-modify supposedly!
> No-mod does not allow anyone to unlink or edit any of the prims in the object, but why does it allow people to dissemble its content and remove them out of the content and put it in the inventory and then use those parts to build their own object?  That is not what NO-MODIFY means.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.secondlife.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


More information about the Jira-notify mailing list