• All submissions to this site are governed by Second Life Project Contribution Agreement. By submitting patches and other information using this site, you acknowledge that you have read, understood, and agreed to those terms.
Issue Details (XML | Word | Printable)

Key: SVC-77
Type: Bug Bug
Status: Open Open
Priority: Critical Critical
Assignee: Unassigned
Reporter: Lex Neva
Votes: 7
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
2. Second Life Service - SVC

Region crashing during heavy object returns loses content

Created: 30/Mar/07 09:08 AM   Updated: 24/Jun/09 05:20 AM
Return to search
Component/s: Simulation
Affects Version/s: None
Fix Version/s: None

Issue Links:
Relates

Linden Lab Issue ID: SL-51799


 Description  « Hide
I recently saw a new kind of griefer attack that allows malicious users to cause massive content loss in a region. I believe the region in question was targeted because it was a relatively new rental-based region and many of the plots were not yet owned by the renters who had already rezzed their (often no-copy) content on the plots.

I did not witness the attack firsthand, but the method is fairly easy to understand: the griefer rezzed a whole hell of a lot of prims very suddenly, causing massive returns across the sim due to parcels becoming full. While the return queue was full, the region was induced to crash (perhaps simply due to the massive amount of objects being rezzed). When this happened, all items waiting to be returned were completely lost. In the case of no-copy items, massive content loss resulted.

This required a rollback of the sim. In areas where a rollback isn't possible, this could have even more disastrous effects.

This bug is related to SVC-70 and SVC-74, both of which have to do with content being lost when care is not taken by the system while handling the only copy of a no-copy item.

 All   Comments   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Lex Neva added a comment - 01/Apr/07 08:50 AM
Whoops, that comment was intended for another issue. Only Lindens can delete comments, as well.

[ Permlink | « Hide ]
Torley Linden added a comment - 02/Apr/07 02:27 PM

[ Permlink | « Hide ]
Lex Neva added a comment - 05/Apr/07 09:07 AM
Okay, smartypants, now delete the comment where I apologize for the comment you've gone and deleted for me

[ Permlink | « Hide ]
WarKirby Magojiro added a comment - 08/Apr/07 05:57 PM
Oh dear. This is terrible.

I think you made a bad choice in reporting it here, though. There's a special private method for high risk security issues. Posting about it here will help it get resolved faster, I'm sure, but it also allows all the griefers to know this can be done.

/me is worried


[ Permlink | « Hide ]
Lex Neva added a comment - 11/Apr/07 08:49 AM
The thing is, they already do. Most of us don't. There's also the fact that it IS possible to defend yourself against this: never have items on your plot that are not owned by the plot owner or set to the group. If you follow that rule, this bug does not hurt you.

[ Permlink | « Hide ]
Dzonatas Sol added a comment - 11/May/07 12:40 PM
Is this still possible?

[ Permlink | « Hide ]
Lex Neva added a comment - 18/May/07 08:01 AM
I'm not sure. Incidentally, I don't think the new item summary was a particularly useful change...

[ Permlink | « Hide ]
Rob Linden added a comment - 13/Aug/07 06:14 PM
[15:35] Soft Linden: (clarified the issue title as well)
[15:36] WarKirby Magojiro: Oh dear
[15:36] WarKirby Magojiro: this one is important
[15:36] Solomon Draken: Yes
[15:36] Solomon Draken: This is a serious issue
[15:37] Rob Linden: k...I'll import
[15:37] WarKirby Magojiro: surely only the most recent objects should be returned first
[15:37] Saijanai Kuhn: asynchronous communicatin, including item returns
[15:37] Ashcroft Burnham agrees with Warkiby
[15:38] SignpostMarv Martin: how long does it take to backup the content in a region ?
[15:38] Soft Linden: I've not seen this type of attack, but we can ask gteam if they've seen it.
[15:38] Rob Linden: next up: VWR-334
[15:38] Tomcat BnT: Can every sim have a binary log for the no-copy items in the uploading queue?
[15:38] Ashcroft Burnham: Indeed. wouldn't a solution be a per-sim prims rezzed per minute limit?
[15:38] Saijanai Kuhn: evenif you prioritize, there's no guarantee of when an item gets returend
[15:39] Tomcat BnT: that binary log should be on disk when returning and the algorithm for choosing items to return should favour copyable items
[15:39] SignpostMarv Martin: e.g. if expected object return rate reaches a set level, could a backup of the sim not be ran prior to object return ?
[15:39] Tomcat BnT: or having the upload queue as a transaction on disk
[15:39] SignpostMarv Martin: ^that'd lower the risk of total content loss

[ Permlink | « Hide ]
Homer Hapmouche added a comment - 24/Jun/09 05:20 AM
This appears to still be current. We experienced content loss with an event matching this description requiring a sim rollback. '000s of prims rezzed in a very short time frame, Existing content was returned due to full sim, and a sim crash was involved.


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators