LuckPerms


Avoid privilege escalation by limiting self track promote beyond current group?

vorburger opened this issue · 7 comments

commented

Imagine you have a track named 'level' with something like (with group parenting set up accordingly):

level: default ---> verified ---> assistant  ---> boss  ---> admin ---> op ---> root

Now assume that e.g. bosses should be allowed to promote default ---> verified ---> assistant, so:

/luckperms group boss permission set luckperms.user.promote true

The problem with this, of course, is that bosses can also self promote beyond and become e.g. admin ---> op ---> root - which one typically probably would never want (it's like a "privilege escalation 'attack'").

Unless I'm missing something, I think there is an easy solution to this, not requiring any complicated customizable rules or anything: if you just limited promote to never be able to self promote beyond one's current group membership?

With this, bosses could still promote, and someone who is already e.g. an admin could still raise someone who is a boss up to become an admin, but couldn't make himself an op or root.

Also, for the initial set up, any group with permission set * true should still be able to change others to promote to any group in a track, as should commands typed into the console.

I guess you could even have an additional new permission named perhaps something like luckperms.user.promote.unlimited, which would give the current behaviour, although I don't even think that's really necessary.
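To make the proposed rule concrete, here is an added model of the "ceiling" check described in this post. It is not LuckPerms code: the track, the actor representation and the `luckperms.user.promote.unlimited` node are taken from the post as assumptions, and the simulation only shows why the ceiling matters (a promoter who can promote one step can otherwise walk themselves up the whole track).

```python
"""Model of the promotion-ceiling rule proposed in the issue above.

Added example, not LuckPerms's own implementation. The track below is
constructed from the post; the bypass node is the one the post suggests.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Constructed track from the post: index 0 is the lowest rank, last is the highest.
LEVEL_TRACK = ["default", "verified", "assistant", "boss", "admin", "op", "root"]

WILDCARD = "*"
PROMOTE_NODE = "luckperms.user.promote"
UNLIMITED_NODE = "luckperms.user.promote.unlimited"  # hypothetical node from the post


@dataclass
class Actor:
    """Whoever runs the promote command: a player in some group, or the console."""
    name: str
    group: Optional[str]                 # None for the console
    permissions: Set[str] = field(default_factory=set)
    is_console: bool = False

    def has(self, node: str) -> bool:
        # Console and '*' holders have every node, as the post requires.
        return self.is_console or WILDCARD in self.permissions or node in self.permissions


def rank(track, group: str) -> int:
    """Position of a group on the track; higher index means more privilege."""
    return track.index(group)


def next_group(track, group: str) -> Optional[str]:
    """The group one step up the track, or None if already at the top."""
    i = rank(track, group)
    return track[i + 1] if i + 1 < len(track) else None


def check_promote(actor: Actor, target_group: str, track,
                  enforce_ceiling: bool = True) -> Tuple[bool, str]:
    """Decide whether actor may promote a target one step up the track.

    Returns (allowed, detail); detail is the new group or the denial reason.
    """
    if not actor.has(PROMOTE_NODE):
        return False, f"missing {PROMOTE_NODE}"
    new_group = next_group(track, target_group)
    if new_group is None:
        return False, f"{target_group} is already the top of the track"
    # Console, '*' and the optional unlimited node keep the old unrestricted behaviour.
    if actor.is_console or actor.has(WILDCARD) or actor.has(UNLIMITED_NODE):
        return True, new_group
    if not enforce_ceiling:
        return True, new_group
    # The ceiling: nobody may be promoted above the promoter's own current group.
    if rank(track, new_group) > rank(track, actor.group):
        return False, f"{new_group} is above {actor.name}'s own group {actor.group}"
    return True, new_group


def simulate_self_promotion(actor: Actor, track, enforce_ceiling: bool) -> str:
    """Repeatedly let the actor promote themselves; return the group they end in.

    Without the ceiling a one-step promote permission escalates to the top of
    the track; with it, the actor stays where they are.
    """
    current = actor.group
    while True:
        me = Actor(actor.name, current, actor.permissions, actor.is_console)
        allowed, detail = check_promote(me, current, track, enforce_ceiling)
        if not allowed:
            return current
        current = detail


if __name__ == "__main__":
    boss = Actor("bob", "boss", {PROMOTE_NODE})
    print(check_promote(boss, "default", LEVEL_TRACK))   # allowed: default -> verified
    print(check_promote(boss, "boss", LEVEL_TRACK))      # denied: admin is above boss
    print(simulate_self_promotion(boss, LEVEL_TRACK, enforce_ceiling=False))  # root
    print(simulate_self_promotion(boss, LEVEL_TRACK, enforce_ceiling=True))   # boss
```

Promoting someone up to the promoter's own level is allowed (an admin may make a boss an admin), which matches the post; only going above it is refused, while the console and `*` holders are exempt so initial setup still works.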

commented

solution?

commented

I'll write up a wiki page soon.

commented

Has that wiki page been written yet?

commented

No

commented

Finally 🙌

commented

Still not working. My server has one track named default, and even when I add luckperms.user.promote..<old/new-group> it does not let me execute the command. And I do have the option enabled in the config.
My default track goes default--->member--->trusted---->moderator--->admin---->owner
I want it so that a user inheriting trusted or higher can promote/demote players up to the group below them.
i.e. for moderator I put luckperms.user.promote.default.trusted and luckperms.user.demote.default.member, and for trusted I put luckperms.user.promote.default.member and luckperms.user.demote.default.default.
When I add the luckperms.user.promote/demote nodes to any group, they can still promote all the way up to owner, and when I take the main luckperms.user.promote/demote off, they can't even run the command at all.
I just want the equivalent of essentials.membership.manage.

edit: I'm running LuckPerms v5