Oskar Linden has provided an update / post-mortem on the recent bout of griefing that took place across the grid as a result of person or persons unknown abusing the advanced user experience code that was released onto the Magnum Release Channel two weeks ago.
The problem hit on Monday 4th June when the advanced teleport functions released to Magnum were used to teleport individuals or groups around the grid, with some people reporting they were teleported to the likes of The Cornfield, while others found themselves unexpectedly picked up and dropped into stores or meetings.
Linden Lab reacted rapidly to the issue, determining a fix for the exploit on the afternoon of the 4th (SLT) and deployed across the entire grid in a rolling restart that affected the main channel and all release channels.
The key points relating to the issue remain:
- The exploit came about due to a permissions restriction within the advanced tools not working as anticipated
- To prevent further misuse of the code, the advanced tools were also removed from the Magnum RC channel
- Both the code and the associated test plans have been revised and are being run through LL’s QA process to better ensure the situation of the 4th June is unlikely to be repeated when the code is rolled-out once more
- Coyot Linden estimates that the advanced experience tools project has been delayed by around 2-3 weeks as a result of these events
- LL are at this point in time unclear as to when the tools are likely to be rolled back out onto a Release Channel; the slot assigned to the tools on the Magnum RC has now been taken by other security issues in preparation for their roll-out to the grid.
One immediate outcome of the griefing situation is that the teleport capability has been revised so that when someone is teleported, the function will tell them the name of the owner of the object that teleported them (thus allowing any potential abuser of the system to be reported to LL via an Abuse Report).
With thanks to Nalates Urriah.