Genie out of the bottle: advanced tools capability used for griefing

Update 11th June: Oskar Linden has provided further feedback on this situation. 

Update June 6th: Oskar Linden has confirmed that the Advanced Creation Tools capabilities that were rolled-out to the Magnum RC channel will remain disabled until at least next week, although no firm decision has been on re-enabling them.

Update June 5th 11:30 UTC: The rolling restarts completed at 03:39 UTC. At present, no further updates have been given on the forum post relating to the restarts, but this may change later during the course of today. Oskar Linden has reiterated that due to this rolling restart, there will be no main channel deploy today and that details on Wednesday’s RC deploys are still TBA. My apologies for late timing of this update; a small matter of real life prevented me putting my nose in front of the keyboard any sooner!

Last week saw elements of the new Second Life Advanced Creator Tools rolled-out to the Magnum channel. As I reported at the time, the tools were issued without the new permissions system, but with safeguards that (it was hoped) would prevent misuse.

Today, however, a party or parties unknown started to use teleport functions of the new tools outside of the Magnum Release Channel as a means of griefing. People first became aware of the issue as individuals and groups started finding themselves randomly teleported around the grid, which sparked speculation on Twitter. Later, messages started circulating in-world among groups, outlining issues, such as this one, sent out to the NCI Citizens Helper Group (with thanks to Raylene Gothly)

Ok to everyone, there is something seems grid wide, we do not know if its a bad code in certain sims or if someone has found a way to teleport grief. But its happening all over, so I’m not sure. however I’d like to let everyone know we are aware of this. Suddenly you are just teleported away, best to log off and relog to get out of it, as it seems to continue to teleport you, I was teleported 3 times when I relogged… Dont be frightened it just seems to be a mess up.

The only regions unaffected by the griefing tool appear to have been those on the Magnum RC (where the new teleport functionality has safeguards) and those sims that had script capabilities disabled. Messages were thus circulated to land holders to disable scripting in their regions to avoid the issue, at least until Linden Lab responded to the situation.

Linden Lab themselves commenced efforts to stop the problem with emergency rolling restarts across the grid, announced via a Grid status update and a forum post:

To solve a security issue with the Experience Tools that were deployed to Magnum last week we are doing an emergency simulator rolling restart deploy. This has already begun.

Regions on the following channels will be restarted with the fixed code:

Main Channel
BlueSteel
LeTigre

Magnum will not be restarted because the issue is not possible in Magnum regions. We will have no rolling restart Tuesday morning. The Wednesday morning RC channels will roll at the usual time.

We apologize for any inconvenience and appreciate your understanding.

I’ll update here when further information is available.

Advertisements

9 thoughts on “Genie out of the bottle: advanced tools capability used for griefing

  1. I just took a look at your post about the Magnum RC toolset and am hoping this problem is contained within that toolset. But I’m very disturbed about how this could be allowed to happen.

    Let me start by stating that I’m ignornant of LL’s 3P acceptance process for new builds being released to operate live on the Grid. However, it sounds like someone can take their viewer and introduce malicious code then roll it out without a specific “Approval” for that build, is that right? I mean, if someone build new code then cleverly sets the build number to the approved code, then they can basically do anything they want.

    Or am I way too hopeful here? Is there any type of LL viewer approval process that certifies specific builds of viewers? Do they allow approved developer carte blanche to create test versions of they software then use it as they please? As I said, I’m ignorant of the process, but after the Emerald debacle, I had confidence the Lab was on the case and tightened up the review & acceptance process.

    I had hoped that after Emerald, some measures were put in place, for example: 1) there is a LL code review process that includes a diff’ing of viewer code to discover suspecious code; 2) every viewer operating in SL’s main grid is a LL certified build; 3) LL has a system for registering approved builds and saving them in a replository at the Lab; 4) There was some form of checksum on each build that would assure the build being operated is in fact the build that was approved… I could go on, but I have a feeling I’m way to hopeful.

    This situation tells me there is an approved 3P software developer operating today who is capable and willing to use his power to cause mischief. In a way, he/she is doing a service by demonstrating what a leaky process the Lab has. As for me, my confidence in the Lab just took another serious hit.

    Like

      1. So, anyone could have used these functions? Ok, I’m happy about that.

        But I still wonder about the process. When things go wrong, I start wondering and I’ve never felt _really_assured that the Lab has a process to prevent surprises in software releases.

        Like

        1. As Latif states, this came about through the introduction of new LSL functionality server-side on the Magnum Channel. It appears that “safeguards” were employed on that channel that prevented misuse (hence why Magnum remained unaffected) but someone found a means of exploiting the new functionality across the rest of the grid.

          There is an expanded permissions system that is due to be implemented with these advanced commands, but as per the announcement on the roll-out to Magnum it was not deployed at the same time. Whether this left potential vulnerabilities in the system or not I leave to wiser minds than mine to determine.

          Like

  2. It absolutely was an exploit, and the vulnerability was known BEFORE the rollout. There is a thread on the SL Universe forums with some comments by skilled scripters. It would appear that LL simply hoped no one would notice the security hole. This was either wishful thinking, or a very low opinion of their users’ intelligence.

    Like

    1. Thanks for that. Do you have a link to the discussion – I missed it the last time I poked my nose into the SLU forums; would love to read-up when I get the chance :).

      Like

Have any thoughts?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.