Changed default permission of objects so as to not have 'control' permission of themselves. As user Kelketek pointed out, this could be a possible exploit. At any rate there is no need for objects to have control of themselves.

2026-03-17 05:16:31 +01:00 · 2012-08-18 20:20:42 +02:00 · 2012-08-18 20:20:42 +02:00 · 327cfc5098
commit 327cfc5098
parent a2e7246d15
1 changed files with 1 additions and 1 deletions
--- a/src/objects/objects.py
+++ b/src/objects/objects.py
@ -390,7 +390,7 @@ class Object(TypeClass):

        dbref = self.dbobj.dbref

-        self.locks.add("control:id(%s) or perm(Immortals)" % dbref)  # edit locks/permissions, delete
+        self.locks.add("control:perm(Immortals)")  # edit locks/permissions, delete
        self.locks.add("examine:perm(Builders)")  # examine properties
        self.locks.add("view:all()") # look at object (visibility)
        self.locks.add("edit:perm(Wizards)")   # edit properties/attributes