• All submissions to this site are governed by Second Life Project Contribution Agreement. By submitting patches and other information using this site, you acknowledge that you have read, understood, and agreed to those terms.
Issue Details (XML | Word | Printable)

Key: VWR-2643
Type: Bug Bug
Status: Resolved Resolved
Resolution: Duplicate
Priority: Major Major
Assignee: Unassigned
Reporter: Snugly Littlething
Votes: 2
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
1. Second Life Viewer - VWR

permissions request spam steals focus

Created: 02/Oct/07 10:44 PM   Updated: 15/Nov/07 02:51 PM
Return to search
Component/s: Permissions
Affects Version/s: None
Fix Version/s: None

Environment: Not relevant
Issue Links:
Relates
 


 Description  « Hide
There is an issue with permission requests that needs immediate attention. By flooding repeated, useless (no actual animation played) requests to animate an avatar, there is a new wave of griefer attacks coming through the grid daily. This attack is DESIGNED to prevent effective use of the AR system and has essentially found an exploit in the AR system by flooding with so /many/ animation requests that the cursor continuously defaults to the "Yes" option of the permissions window, MOVING IT /OUT OF/ THE ABUSE REPORT WINDOW making it essentially impossible to properly file an abuse report. Assuming that at some point an abuse report is actually completed, the user is still forced to relog to clear the thousands of permissions requests. NOTE: Muting DOES NOT PREVENT this exploit, nor does setting "Busy" mode.

This effects ALL versions of Second Life.

 All   Comments   Change History      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Lex Neva added a comment - 03/Oct/07 09:20 AM
This relates to VWR-2046, which deals with focus jumping to these kinds of popups. It appears that LL fixed this bug internally yesterday. Additionally, the Nicholaz Beresford custom viewer seems to fix this bug.

[ Permlink | « Hide ]
Lex Neva added a comment - 03/Oct/07 09:22 AM
Little known fact: you CAN report abuse even while not logged in, by emailing to abuse@secondlife.com. Be sure to provide all information that you would normally provide in an in-world abuse report, such as the location in-world, the name of the griefer if you know it, the time of the incident, and a description of what happened.

[ Permlink | « Hide ]
Lex Neva added a comment - 03/Oct/07 09:23 AM
I'm modifying the summary of this issue. I don't think this really counts as an exploit since the bug doesn't let you do anything with in-world content that you wouldn't normally be able to do. The previous summary, in my opinion, implied that there was an exploit for avoiding the need to request PERMISSION_TRIGGER_ANIMATION before triggering animations on an avatar, which isn't what this bug is about. I think this issue is more of just a severe annoyance exacerbated by a bug.

[ Permlink | « Hide ]
Ice Brodie added a comment - 11/Nov/07 09:34 AM
Lex, a LOT of people won't realize this, and will get frustrated and leave, rather than e-mail an abuse report.

I'm personally of the opinion that anything which wedges the client in this matter is detrimental and unwanted behavior, as many people will not understand it, will get frustrated by it and will leave because of it... which is what the griefer(s) want.

I'm of the mindset that an object should only ever request a perm once at a time, if it requests more and the dialog is still open, the subsequent requests should be ignored by the client in such a way that won't cause undue lag. Excess requests should also be logged as abusive behavior if they occur from the same user to multiple users in this manner.

I honestly await deployment of the internal version to main grid, Abbotts and sandboxes need it right now.


[ Permlink | « Hide ]
Gigs Taggart added a comment - 15/Nov/07 02:51 PM
VWR-2502 addresses this


Powered by Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators