View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001450||unreal||documentation||public||2003-12-24 19:46||2004-01-07 12:59|
|Platform||Linux||OS||Redhat||OS Version||not sure|
|Summary||0001450: Users can see server notices, even if +s is not enabled.|
|Description||For some reason users can see server notices even if +s is disabled.|
* AS sets mode: +s
Server notice mask (+ks)
* AS sets mode: -s
Server notice mask (+)
-irc.messagebot.net- *** Notice -- Failed OPER attempt by ES[sleep] ([email protected]) [unknown oper]
This did not happen when Unreal3.2 was compiled without SSL support. Once I compiled with SSL support, this problem started appearing.
|Tags||No tags attached.|
|3rd party modules|
||Forgot to add, I considered this major because unmasked hostmasks are shown =/|
If it wasn't christmas I would be able to help ;). But I can give you a quick hint... if you use latest cvs (see www.vulnscan.org -> cvs blah) then the code contains additional debug info which helps tracing this issue down ([technical]if this is because of operfdlists getting fucked up, which really seems like it[/technical]). So if you are interrested in helping tracing this, you could do that...
Someone else reported this problem too but even after 3 weeks I haven't heard anything back... so that's not helping much ;).
I hope you are right about SSL.. that would give us a good hint. On the other hand, such things can be coincidence too ;).
BLAHHH *watch movie*
|I already gave him the CVS stuff, said he'd install it tonight ;)|
Audit of oper fdlist code:
We add to oper_fdlist if SVSMODE +o and del if SVSMODE -o. However, for "normal" conditions we add/remove for both +o and +O. Therefore SVSMODE must be altered to add/del to the oper_fdlist if SVSMODE is used to set +/-O
Again, only removes globops from the oper_fdlist, must be changed to remove locops as well.
I am doubtful that the error lies in the actual fdlist code simply because this only seems to occur with opers. If the problem were in fdlists, we would likely see server traffic sent to clients and vice versa. Also, I looked through all SSL specific code, I can't see anywhere that would cause this problem to occur.
Couple of questions to you:
1.) What IRC services do you use?
2.) Do you have any local (+O) IRC operators?
3.) Do your services have some sort of NOOP command or do you ever /os RAW to use SVSNOOP?
4.) Do you have services that maintain an oper list? I.e. they set +o for users who should be operators and what not.
Yup, this is the kinda stuff I wind up doing at midnight on Christmas :P
btw, that new trace code is indeed ment to find add/remove bugs, not some bug in the fdlist code itself ;).
user is +O
SVSMODE +o results in a duplicate addition.
|All of the above mentioned errors should be fixed in the current CVS.|
EviL_SmUrF: could you confirm this has been fixed?
or anyone else..
||let's presume so...|
|2003-12-24 19:46||EviL_SmUrF||New Issue|
|2003-12-24 19:47||EviL_SmUrF||Note Added: 0004427|
|2003-12-25 01:39||syzop||Note Added: 0004433|
||Note Added: 0004434|
||Note Added: 0004435|
|2003-12-25 15:47||syzop||Note Added: 0004436|
||Note Added: 0004438|
||Note Added: 0004444|
|2004-01-03 19:25||syzop||Note Added: 0004526|
|2004-01-07 12:59||syzop||Status||new => resolved|
|2004-01-07 12:59||syzop||Resolution||open => fixed|
|2004-01-07 12:59||syzop||Assigned To||=> syzop|
|2004-01-07 12:59||syzop||Note Added: 0004575|