From 327cfc509855c8ca51ba24eb64322c096bf86b4d Mon Sep 17 00:00:00 2001
From: Griatch <griatch@gmail.com>
Date: Sat, 18 Aug 2012 20:20:42 +0200
Subject: [PATCH] Changed default permission of objects so as to not have
 'control' permission of themselves. As user Kelketek pointed out, this could
 be a possible exploit. At any rate there is no need for objects to have
 control of themselves.

---
 src/objects/objects.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/objects/objects.py b/src/objects/objects.py
index ca8b6b3dc9..e1890f1d06 100644
--- a/src/objects/objects.py
+++ b/src/objects/objects.py
@@ -390,7 +390,7 @@ class Object(TypeClass):
 
         dbref = self.dbobj.dbref
 
-        self.locks.add("control:id(%s) or perm(Immortals)" % dbref)  # edit locks/permissions, delete
+        self.locks.add("control:perm(Immortals)")  # edit locks/permissions, delete
         self.locks.add("examine:perm(Builders)")  # examine properties
         self.locks.add("view:all()") # look at object (visibility)
         self.locks.add("edit:perm(Wizards)")   # edit properties/attributes