Adhoc Inventory Permissions Test

From Second Life Wiki
Revision as of 15:40, 31 July 2015 by Caleb Linden


Copy a no-copy object

1) Give attachments by dropping them on an avatar
    1. UserA, wear a no-copy box
    2. Attempt to drag the worn box from your inventory to UserB's Avatar

(Fix: The item is not offered to the other person)

2) Give attachments by dropping them on a profile
    1. UserA, wear a no-copy item
    2. Drag the attachment onto UserB's opened calling card, unopened calling card in your inventory, or finder profile.
    3. You will get an error: "Second Life: System unable to transfer inventory."
    4. The object will disappear from your inventory, but you will still be wearing it.
    5. You can drop the attachment and take it again.

(Fix: The item is not offered to the other person)

3) dupe attachments when flying offworld

  • Attach a rocket pack and fly off the grid by flying through the corner of 3 sims and failing handoff
  • Detach the object if it's still visible.
  • Later, the attachment may reappear. Detach this 2nd copy.

4) rez multiple objects while sim is lagged

  • Go to a busy sim, such as a sandbox.
  • Quickly drag a no-copy object to the ground multiple times before the object rezzes in.

5) put object in folder and rez folder

  • Make a new folder and put a no-copy object into it.
  • Drag the folder to the ground. A container item labelled "Many Things" would appear on the ground containing the no-copy object.

You can no longer rez a non-object.

6) put object in folder and give folder

  • Put a no-copy object into a folder and drop the folder on another user's Avatar, opened calling card, unopened calling card in your inventory, or finder profile.

7) put no-copy object into an attachment you are wearing

  • Drag an inventory item into the contents of an attachment you are wearing. Try both ctrl-dropping it onto attachment and dragging it into the contents folder.

8) llGiveInventory a no-copy object to your attachment, then detach and rez multiple copies of your still copyable attachment

  • buy a no-copy object
  • ctrl-drop it into an object you own called 'sender'
  • attach 'receiver' object to your hand
  • manually copy key reported by receiver into the sender script target
  • click on sender, no-copy object will xfer to receiver (new, correct behavior is the sender will say "Unable to give inventory: Blocked by permissions")
  • detach receiver to inventory
  • note that you can now rez many copies of receiver, all containing no-copy object
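
// sender script:
// target is the receiver's key, copied by hand from what the receiver says in chat
key target = "51f0cbf4-803c-9860-c4b2-a939b5f8e57d";
default
{
    touch_start(integer total_number)
    {
        // "Object" is the name of the no-copy item in the sender's contents
        llGiveInventory(target, "Object");
    }
}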


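// receiver script:
default
{
    state_entry()
    {
        // say this object's key so it can be pasted into the sender script
        llSay(0, (string)llGetKey());
        // accept inventory dropped into this object
        llAllowInventoryDrop(TRUE);
    }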
}
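
A tester-side check for test 8 (and for test 1 under "Transfer no-transfer objects"), added here as an example and not a script from the original page: placed in 'receiver' next to the receiver script, it reports each item that arrives in the contents and whether the owner may copy or transfer it. The names seen, describe and scan are made up for this example.

```lsl
// Added example, not from the original page. Put this in 'receiver' next to the
// receiver script. It reports every item that arrives in the object's contents
// and marks the ones the owner may not copy or transfer.
list seen;   // inventory names already present or already reported

string describe(integer mask)
{
    string s = "";
    if (!(mask & PERM_COPY)) s += " no-copy";
    if (!(mask & PERM_TRANSFER)) s += " no-transfer";
    if (s == "") s = " copy+transfer";
    return s;
}

// Walk the contents; when 'report' is TRUE, announce names not seen before.
scan(integer report)
{
    integer n = llGetInventoryNumber(INVENTORY_ALL);
    integer i;
    for (i = 0; i < n; ++i)
    {
        string name = llGetInventoryName(INVENTORY_ALL, i);
        if (llListFindList(seen, [name]) == -1)
        {
            seen += [name];
            if (report)
            {
                integer mask = llGetInventoryPermMask(name, MASK_OWNER);
                llOwnerSay("arrived: '" + name + "' owner perms:" + describe(mask)
                    + " attached=" + (string)(llGetAttached() != 0));
            }
        }
    }
}

default
{
    state_entry()
    {
        scan(FALSE);   // baseline: whatever is already inside, this script included
    }

    changed(integer change)
    {
        if (change & (CHANGED_INVENTORY | CHANGED_ALLOWED_DROP))
            scan(TRUE);
    }
}
```

With the fix in place the sender says "Unable to give inventory: Blocked by permissions" and this script stays silent; an "arrived ... no-copy" line with attached=1 means the item reached the worn attachment.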


9) Put a no-copy object into a container and set the no-copy object for sale. A dupe appears in your Lost and Found. (Fix: The purchase fails silently)

10 and 11 are deprecated, joints are kaput

10) Throwing a jointed object off world #1

  • UserA sells a modifiable, no-copy object to UserB.
  • UserB makes it physical, joints it to a new box (such that the no-copy object is the joint-child) and throws the jointed set into the void.
  • 2 objects will be returned. One is the original, and the other is a copy of the child with changed creator tags.

11) Throwing a jointed object off world #2

  • UserA sells a modifiable, no-copy object to UserB.
  • UserB puts the no-copy object into the child object of a new jointed set, sets the jointed set physical, and throws it into the void.
  • 2 objects will be returned. One is the original, and the other is a copy of the child. Both objects will contain a copy of the no-copy object in the contents.

12) Copy a no-copy object by sitting on it and shift-dragging an attachment

  • Drag the no-copy object onto the ground.
  • Make a box and attach it to the avatar.
  • Sit on the no-copy object.
  • Edit the box on the avatar, hold shift and pull-copy

13) can disable no-copy/no-transfer permissions with linking and unlinking (bug 1434)

  • Rez 2 boxes, A and B, and turn on the next owner perms.
  • Rez a no-transfer object that you have modify permissions on. Call it C.
  • Select C then B then A and Link.
  • Select individual and unlink A.
  • Link the linked set (of B and C) to A.
  • Unlink the whole linked set.
  • C is no longer no-transfer.

14) can copy a new no-copy object if it has not yet been rezzed (bug 1438)

  • Deed a next owner no-copy, yes-modify object.
  • Deed a next owner permissive object.
  • Link the no-copy object to the permissive object.
  • You can copy the linked object.

15) can copy a new no-copy object if it has not yet been rezzed #2 (bug 1438)

  • UserA, create a next owner no-copy, yes-modify object and a next owner permissive object. Set them both for sale, Original.
  • UserB, buy them. Link the no-copy to the permissive. Set for sale original.
  • UserA, buy the object.
  • UserA is able to copy the object.

16) can copy a new no-copy object if it has not yet been rezzed #3 (bug 1438)

  • UserA, create a no-copy, next owner no-copy, next owner modify object and a next owner permissive object. Link them together (permissive as root).
  • Set for sale, original.
  • UserB, buy the object.
  • UserB is able to copy the object.

17) make outfit can copy a no-copy object which is in your attachment

  • Put your no-copy object into the contents of a box. Attach the box.
  • Enter appearance and make a new outfit.
  • The attachment will be duplicated along with the no-copy object inside.

18) can copy a no-copy object by linking it to a yes-copy object and modifying

  • Rez the M/C/NT object (Object A).
  • Rez a cube and set the cube's permissions to M/C/T.
  • Link Object A to the cube so that the cube is the parent prim.

Permissions are now M/C/NT on the object. The permission checkboxes are correctly disabled and can't be changed.

  • Select the "Edit Linked Parts" option and select one of the prims in Object A. Change its twist, topsize, or another parameter.
  • De-select the "Edit Linked Parts" option and return to the General tab. The permission checkboxes are no longer disabled and you can enable the "Copy" checkbox.

19) can copy no-copy objects via Wear / Drop

  • Go to a sim with low (~10) SimFPS for best results.
  • Make a no-copy box.
  • Right-click the box, More> Wear.
  • Quickly right-click the box and Drop it into the world.
  • Observe: There is a box on the ground and one in your inventory.

20) copy a no-copy object via attachment and latency

  • Run the client with these settings, "C:\Program Files\SecondLife\SecondLife.exe" -inbw 128000
  • Place 15 boxes with the following script nearby. This should give you 1-3 seconds of latency.

// lag script: recolors the prim in an endless loop to load the sim
default
{
    state_entry()
    {
        while(1) llSetColor(<llFrand(1),llFrand(1),llFrand(1)>,ALL_SIDES);
    }
}


  • Put 3 no-copy items into a container primitive.
  • Take the container into inventory.
  • Right-click > Wear the container.
  • Drag the no-copy items from the container into a folder of your inventory. (click the "Don't show me this dialog" checkbox on the "Always move inventory from objects in world" dialog box)
  • If you drag them quickly enough, you will hear the "thunk" as they move into inventory, even though they may still appear in the contents pane.
    • Quickly Detach the container to inventory by right-clicking the attachment in world> Detach.
  • The detach process should take a couple seconds if you have proper lag.
    • Attempt to drag the container to the ground while it is still highlighted/attached.
    • As soon as the attachment is no longer highlighted, release your mouse button to rez it on the ground.
    • Edit the container.
    • Observe: The no-copy items are in your inventory, and they are also in the container.

Transfer no-transfer objects

1) llGiveInventory a no-transfer object to your attachment, then detach and give away your still transferable attachment. (The no-transfer item will now be removed when the next person rezzes it.)

2) (note: this will not be fixed until 1.6) no-transfer is not applied to next-owner if contents is no-copy (Bug 1437)

  • UserA create 2 boxes. Name them A and B. Set them to next owner yes-copy, yes-modify, no-transfer.
  • Create a script (or any item that is set to next owner no-copy) in the contents of box A. Take the boxes separately and give them to UserB.
  • UserB, accept the boxes.

Expected: both boxes should be no-transfer.

3) (note: this will not be fixed until 1.6. Also, this repro doesn't work for me) no-transfer is not applied to next-owner if contents is no-copy #2 (Bug 1437)

  • put A in a box in world and pull back out - it will be transferable. I think through this and some simple scripts there are a few wide open exploits available.

4) Transfer no-transfer objects by copy-unlink-link

  • UserA, create 2 boxes, link them together. Turn on Next-owner modify & copy, turn off Next-owner transfer. Give the linked set to UserB.
  • UserB, rez the linked set.
  • Hit ctrl-d to copy.
  • Unlink, then relink.
  • Set the linked set to sale copy.
  • UserA (or anyone) can now buy a copy of the object.

If steps 3 and 4 are swapped, this exploit does not work.

5) can transfer a no-transfer object by linking it to a yes-transfer object and modifying

  • Rez the M/C/NT object (Object A).
  • Rez a cube and set the cube's permissions to M/C/T.
  • Link Object A to the cube so that the cube is the parent prim.

Permissions are now M/C/NT on the object. The permission checkboxes are correctly disabled and can't be changed.

  • Select the "Edit Linked Parts" option and select one of the prims in Object A. Change its twist, topsize, or another parameter.
  • De-select the "Edit Linked Parts" option and return to the General tab. The permission checkboxes are no longer disabled and you can enable the "Give Away/Resell" checkbox.

Transfer no-transfer textures

1) Transfer a no-transfer texture between officers via deeded object.

  • AvatarA and AvatarB are officers of the same group.
  • AvatarA rez a box, set it next-owner-modify, and deed it to the group
  • AvatarB apply a (no transfer) texture to the box
  • This should not be possible. It places a copy of the (no transfer) texture in the box
  • AvatarA edit the box and take the texture into inventory

Other

1) (no longer valid after Mono ships. Scripts are compiled on the server with Mono.) Recompile scripts requests scripts that you don't have permissions for.

  • Add scripts with a variety of permissions to an object.
  • "Recompile Scripts in Selection" from the Tools menu.
  • If the Recompilation status window reports that any no-modify or no-copy scripts are recompiled, this test failed. A user could potentially read the stream and thus the scripts.

2) Changing creator of prims to me

  • Rez an object created by someone else and create a new box.
  • Link the object created by someone else to your box.
  • Attach the object to your right hand via the pie menu.
  • Right click the attachment and drop it.
  • Unlink the object and check the creator of the primitive created by someone else.
  • Observe: You are now the creator for all the primitives, and should not be.

3) 1.7+: Copy no-copy objects by dragging Contents folder from object inventory to Inventory window

SET-UP: User A and User B needed for this repro.

  1. Users A & B: Log in.
  2. User A: Rez 3 boxes.
  3. Make all boxes no-copy / mod / trans.
  4. Take two of the boxes.
  5. Put both boxes into the 3rd box's inventory.
  6. Take the 3rd box.
  7. Give 2 copies of the box to User B.
  8. User B: Edit > Preferences > Popups: Make sure "Always move inventory..." is in the 'Popups I want to see' section.
  9. User B: Rez the second copy of the box.
  10. Edit the box, click 'Contents' tab (alternatively, right click box, choose 'Open').
  11. Drag the 'Contents' folder into your inventory.
    1. Note that you are not warned about damaging the object.
    2. Note that the objects are not removed from the container's contents.
  12. Repeat (Failure Situation) over and over, give copies of plywood boxes to all your friends!


4) Run IntergridTransactionTest.

  • Modify no-mod objects
  • Take objects that are not yours
  • Sell objects that you are not allowed to
  • Delete object you should not be able to
  • Animate people that do not want to be animated
  • Steal money from another user via givemoney
  • Sell someone else's object as your own
  • Charge more money for something than buy floater says
  • Cheat vendor objects by paying buddy who is sitting on them etc.
  • Get onto banned land
  • Spread a virus to an unsuspecting user's objects with llRemoteLoadScript + llDie
  • Spoof another person
    • Through chat
    • Through IM
    • Through Forums
  • Convince someone's script that you overpaid it, so it will refund you

5) Move someone else's object to <0,0,0>

  • Attach a linked object
  • Sit on an object, of any Resident owner, yourself or someone else
  • Open Edit Window
  • Click Edit Linked Prims
  • Resize the root prim of the linked attachment
  • Hit Undo
    • Sitting resident is moved to sim coord [0,0,0], Object is sent off-world.