The Alphaville Herald

SHOCK!!! Rez-Anywhere Exploit P0wns No-Rez Land!!!

by Pixeleen Mistral on 05/07/11 at 3:50 am

For at least the last two months, a permission system exploit has allowed anyone - even those unauthorized by Second Life landowners - to create objects on "no-rez" or restricted land. This surprising news suggests players wishing to limit use of their virtual cyber-paradise may need to set aside  time to patrol their holdings, or turn on auto-return for objects not owned by those they trust -- and hope the Lab will get around to fixing the fundamental problem at some point.

Second Life players feel controlling the objects created on their land is serious business - for good reason. Linden Lab holds landowners responsible for "broadly offensive" images found on player's plots, even if the content was not created by the landowner.

Rez in No Rez HUD sidesteps Second Life land controls

Another consideration is the limited object carrying capacity of the Lab's virtual land.

Second Life's economy is largely based on creating an artificial scarcity that ties the number of simple geometric objects - prims - which can exist on a plot of land to the overall size of the plot. Prims are used to create buildings and other props in the virtual realm, so landowners jealously guard their prim allotments and link virtual land rental/resale prices to the prim capacity of the imaginary land. In light of this, how is it possible that prims can be placed in restricted areas by unauthorized avatars?

When I first heard of this exploit, I was skeptical, but my source - who wishes to remain anonymous - was willing to demonstrate how one might overcome the Lab's object permission system. The exploit has continued to function since early May, and almost certainly existed well before my source came forward.

After observing the exploit in action and speaking with several experts, it appears that the Lab is not handling an edge case properly. As best I can tell, objects can be created by an LSL script command just outside the sim - where no user creation limit applies - then immediately moved into the sim.

According to the experts I consulted, parcel level controls are used to limit when objects can be created. Since the parcel coordinates end at 256, but sims need to be able to hand off objects between adjacent regions for vehicles in transit across sim boundaries, there is the possibility of objects being created just outside the sim and then entering the sim after avoiding the no-rez restriction.

How might this news might affect the land baron class in Second Life? Here is a transcript of land baron and metaverse media maven Crap Mariner's reactions to an impromptu demonstration:

Pixeleen Mistral: ok - this is no-rez land, right?
Pixeleen Mistral: can you verify that?
Crap Mariner: it appears so
Pixeleen Mistral: so - allow me to rez a cube on this no-rez land
Crap Mariner plays back a drumroll
Pixeleen Mistral: courtesty of a certain HUD
Pixeleen Mistral: ready?
Crap Mariner: yes
Pixeleen Mistral: here we go
Crap Mariner: i see a cube
Crap Mariner: not attached to you
Pixeleen Mistral: right
Pixeleen Mistral: if you watch really carefully
Crap Mariner: it appeared at the corner
Pixeleen Mistral: it rezes the cube just outside the sim
Crap Mariner: then popped over to there
Crap Mariner: yes
Pixeleen Mistral: then pulls in in
Pixeleen Mistral: an edge case
Crap Mariner: does it require linden water on the border (unused grid space) or can it be done where there is a sim there?
Pixeleen Mistral: anywhere if you are near the x or y coordinates > 250 ii works
Crap Mariner: impressive
Pixeleen Mistral: doesn't need a void sim or anything like that
Crap Mariner: quite... remarkable.
Pixeleen Mistral: this has been known in certain circles for at least 2 months
Crap Mariner: thank goodness it's in the hands of responsible, outstanding citizenry who'd never think to abuse such great power.
Crap Mariner smiles
Pixeleen Mistral: well - I was planning to write a story
Pixeleen Mistral: but I needed a skeptical witness
Crap Mariner: if you don't mind, could we test this on a sim i know you have no rez rights on?
Pixeleen Mistral: sure
Pixeleen Mistral: TP me
Crap Mariner: just in the extreme case that you actually can rez here
Crap Mariner: ok
Crap Mariner: heading to piper point

[we arrive at Piper Point sim]

Crap Mariner: x = 250
Pixeleen Mistral: ok
Crap Mariner: (welcome to the southernmost island in my neighrboor.)
Crap Mariner makes a note to take typing lessons
Pixeleen Mistral: ok
Pixeleen Mistral: how was that?
Crap Mariner: now i will turn off rez rights
Crap Mariner: ah already were turned off
Crap Mariner is quite the dimwitted landbaron
Pixeleen Mistral: right
Crap Mariner: ok, you have me convinced
Crap Mariner: at this point, james randi would be cutting a very large check
Pixeleen Mistral: so what this means is that you really do not have control of your land
Pixeleen Mistral: since there is an exploit that allows anyone to rez objects
Crap Mariner: at some level, there's a flaw with the security.
Pixeleen Mistral: well yes
Pixeleen Mistral: this is the story of SL
Crap Mariner nods
Pixeleen Mistral: flawed security
Crap Mariner: if the security flaws in SL were pancakes, not even Vin Diesel could eat them all.

Crap Mariner: so, does this HUD allow for other things to be rezzed?
Crap Mariner: and do they resist auto-return if not in group?
Pixeleen Mistral: auto-return still works
Crap Mariner: ah ok
Pixeleen Mistral: of course, most people will screw up their land if they turn auto-return on
Pixeleen Mistral: since they were sloppy about group ownership
Crap Mariner: we're a bit more careful than most. either a parcel has group only, or if they clean up, a-r is on
Crap Mariner: but this busts the group only block