EOSERV Bug Tracker > Bug #400: $setadmin allows indirect nointeract restriction bypass

Bug #400: $setadmin allows indirect nointeract restriction bypass

$setadmin allows indirect nointeract restriction bypass
ID #400
Submitter Sausage
Product EOSERV
Severity High
Status CLOSED, FIXED
Submitted 15th Nov 2015
Updated 8th Apr 2016
Related SVN Revisions
Rev# Date Description
r525 08 Apr 2016 09:32:29 UTC Update nointeract setting when admin level is promoted (bug #400), Prevent demoting an admin ...
Sausage Submitter
Developer
3 years, 9 weeks ago

If you use $setadmin to adjust someone's admin level, the default nointeract restrictions don't apply to them until they log our and in. This would allow Player A with an admin level higher than the norestrict level to adjust the admin level of another character, who would then not have the restrictions Player A does.

Comments

Sausage Submitter
Developer
2 years, 41 weeks ago

Updating to high severity. This is not considered critical as the only command this provides access to in a default configuration is $settitle.

Updated Severity to HIGH

Sausage Submitter
Developer
2 years, 41 weeks ago

Fixed in r525.

Updated Status to CLOSED, FIXED

Add Comment

Please don't post unless you have something relevant to the bug to say.
Do not comment to say "thanks" or "fix this please".

Please log in to add comments. EOSERV Bug Tracker > Bug #400: $setadmin allows indirect nointeract restriction bypass