Fixes @locks to block self-escalation. Fixed a few bugs in @reload that caused it to reload also unsafe modules.

2026-04-01 05:27:17 +02:00 · 2011-03-17 22:28:30 +00:00 · 2011-03-17 22:28:30 +00:00 · de28b2d575
commit de28b2d575
parent bccd84e480
4 changed files with 22 additions and 6 deletions
--- a/src/commands/default/admin.py
+++ b/src/commands/default/admin.py
@ -11,6 +11,8 @@ from src.server.sessionhandler import SESSIONS
 from src.utils import utils
 from src.commands.default.muxcommand import MuxCommand

+PERMISSION_HIERARCHY = [p.lower() for p in settings.PERMISSION_HIERARCHY]
+
 class CmdBoot(MuxCommand):
    """
    @boot 
@ -386,9 +388,23 @@ class CmdPerm(MuxCommand):
        else:
            # add a new permission             
            permissions = obj.permissions
+
+            caller.permissions 
+            
+
+
            for perm in self.rhslist:
+
+                perm = perm.lower()
+                
+                # don't allow to set a permission higher in the hierarchy than the one the
+                # caller has (to prevent self-escalation)
+                if perm in PERMISSION_HIERARCHY and not obj.locks.check_lockstring(caller, "dummy:perm(%s)" % perm):
+                    caller.msg("You cannot assign a permission higher than the one you have yourself.")
+                    return 
+
                if perm in permissions:
-                    cstring += "\nPermission '%s' is already defined on %s%s." % (rhs, obj.name)
+                    cstring += "\nPermission '%s' is already defined on %s." % (rhs, obj.name)
                else:
                    permissions.append(perm)
                    obj.permissions = permissions
--- a/src/locks/lockhandler.py
+++ b/src/locks/lockhandler.py
@ -319,7 +319,7 @@ class LockHandler(object):
        else:
            return default

-    def check_lockstring(self, accessing_obj, accessed_obj, lockstring):
+    def check_lockstring(self, accessing_obj, lockstring):
        """
        Do a direct check against a lockstring ('atype:func()..'), without any
        intermediary storage on the accessed object (this can be left
--- a/src/objects/objects.py
+++ b/src/objects/objects.py
@ -87,7 +87,7 @@ class Object(TypeClass):

        dbref = self.dbobj.dbref

-        self.locks.add("control:id(%s)" % dbref)
+        self.locks.add("control:id(%s) or perm(Immortals)" % dbref)
        self.locks.add("examine:perm(Builders)")
        self.locks.add("edit:perm(Wizards)")
        self.locks.add("delete:perm(Wizards)")
--- a/src/utils/reloads.py
+++ b/src/utils/reloads.py
@ -34,8 +34,8 @@ def reload_modules():
    # should never need to do that anyway). Updating src requires a server
    # reboot. Modules in except_dirs are considered ok to reload despite being
    # inside src/
-    protected_dirs = ('src.',)
-    except_dirs = ('src.commands.default.') 
+    protected_dirs = ('src.',)               # note that these MUST be tuples!
+    except_dirs = ('src.commands.default.',) #             "  

    # flag 'dangerous' typeclasses (those which retain a memory
    # reference, notably Scripts with a timer component) for
@ -50,7 +50,7 @@ def reload_modules():

    def safe_dir_to_reload(modpath):
        "Check so modpath is not a subdir of a protected dir, and not an ok exception"
-        return not any(modpath.startswith(pdir) and not any(modpath.startswith(pdir) for pdir in except_dirs) for pdir in protected_dirs)
+        return not any(modpath.startswith(pdir) and not any(modpath.startswith(edir) for edir in except_dirs) for pdir in protected_dirs)
    def safe_mod_to_reload(modpath):
        "Check so modpath is not in an unsafe module"
        return not any(mpath.startswith(modpath) for mpath in unsafe_modules)