Disable scripts that are put into shared-with-group objects by non-owner.

Lots of Linden content (in the library) is set to share with group. The picture frame, landscaping rocks, etc. This seems kind of nice, but it's a bit of a security hole.

Right now, if I rez the picture frame, someone else who's in whatever group I'm in can drag objects and scripts into the picture frame's inventory. Those scripts will then run as mine. Whatever objects they rez will show up as being owned by me. In fact, if I have ever handed someone a full-permissions script and a full-permissions prim, they can even modify the prim and put my own script into it and then modify that script into something totally different from what I had originally created, and it would look like I made it. There'd be no way to tell that it hadn't.

Show of hands: Who wants other people to have the ability to rez anything they want, even something malicious, and make it look like you own it, possibly that you even created it (when in fact you didn't)? How about a gray goo attack, would that be something you'd want your name on?

To my knowledge, scripts are disabled when dragged into objects that have Allow Inventory Drop turned on. It seems eminently logical that this same thing should happen when scripts are dropped into objects that are group-shared, if it isn't the owner that is dragging the script in.

There is also the question of objects that are deeded to the group (not shared.) These have certain restrictions on them, or at least they did when I was working on them two years ago. However, deeding an object to a group is something that can only happen if the person is an officer and they deliberately go in and deed it, so it is probably not as much of a problem as share with group. I bet there are plenty of people who have objects in-world that are set shared to group, and they don't even know it.

So, to reiterate: When someone drags a script into a shared-with-group object, and that person doesn't own the object, the script should be set to not-running.


PS: I also think everything in the Library should have Share with Group unchecked, since that also allows group members to move your stuff around. That's really the kind of option that should be off by default.

intresting suggestion but if u dont trust the people in the group, pick a group u do trust or dont tick the box ?

They'll get right on this, I expect; thanks for raising awareness.

No, no, no, PLEASE no!!

It's hard enough to work as a group on a large project with the sharing system the way it exists currently. It's annoying enough that I can't script an object my fellow group member built in our sim by using the "new script" button. I have to drag in a new script with full permissions and the shared box checked, so that I don't lose permissions on it immediately upon drag.

It sounds to me like what you're advocating is to simply not allow me to script an object my fellow group member built and then shared. That's a horrible idea. If you just want scripts to be set not-running when I drag them in, remember that when a shared object has a shared script in it, I can open the shared script and modify it, set it running, reset it, etc. So to truly enforce this, you're basically suggesting completely disallowing scripting of objects people share to our group.

Like I said, the group-sharing system we have now is a pain to work with. The thing is, it's all we've got. I do not want to have to grant modify permissions to everyone in my group. While I trust them, it's very easy to imagine a situation in which I didn't.

The solution here is to just uncheck that "shared" checkbox, and also for linden to remove the shared checkboxes from stuff in the library.

I think what's he's really asking for, is that the Library items should be set Not Group Share, as someone who's not paying attention could rez the object, not realize that someone in the same group could come along and grief with it.

I think it's a really bad idea to leave a bunch of items in the Linden library set to share with group. That could be fixed with no controversy at all.

I understand this feature can be useful to people who are doing group builds. However, I also know there are people out there who will inevitably rez something that had that flag turned on when they took it into inventory, or who will just turn it on thoughtlessly.

Here are some alternate solutions:

1. Warning box pops up notifying a person whenever they rez something set share-with-group, advising them to turn it off if they aren't positive they need it on (in fact, let's do that with the 'Allow Anyone to Move' option as well)
2. Person is IMed when someone drops a script into their shared object
3. Extra flag on object specifying whether to disable others' scripts if dropped in (off by default)
4. Objects and scripts remember the owner and the last person to edit them, so forgeries are made more difficult

In any case, the situation as it is today is not acceptable from a security standpoint. Having a bunch of these group-shared objects on the grid, particularly as owned by people who don't understand the full implications of having this flag turned on, is the equivalent of having a bunch of unpatched computers with no firewall or antivirus sitting on a LAN. In the real world, these machines eventually become infested with malware and possibly become slaves in a botnet. In SL, group-shared objects can be exploited for all sorts of malicious purposes, particularly if the owner rezzed them while wearing the tag of a group that anyone can join.

Agreed.



Sure, so long as they plug that into the api that lets me disable such warnings.



Again, I need to be able to disable this. Otherwise, I'd get spammed.



But like I said, the nature of group sharing makes this a moot point. Imagine I drop a script that's shared and has all next-owner perms set into someone else's object that's shared to a group I'm in and has this option enabled. The script is disabled... but I can just open it up and re-enable it. If you're suggesting that only the owner can re-enable it, that'd be nasty and seem inconsistent. If you're suggestion that only the owner can ever en/disable scripts in a shared object, then that's a big problem for the way I build and script with my group.



Great idea.



It's especially tricky because of how objects get set to whatever group you're "wearing". People use groups predominantly for those fancy titles above their heads, and they don't realize that they're leaving a bunch of objects around that are set to those groups. Even worse, it's not that clear what "share with group" does... the entire sharing system is pretty obscure. I'd suggest that the same warning that comes up when you rez a shared object is also displayed when you check the shared box.

That, or I'd love a totally revamped sharing system. ;)