View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001844 | unreal | ircd | public | 2004-05-30 20:31 | 2007-04-19 02:56 |
| Reporter | aquanight | Assigned To | |||
| Priority | normal | Severity | trivial | Reproducibility | always |
| Status | resolved | Resolution | duplicate | ||
| Platform | X86 | OS | Windows | OS Version | XP Professional |
| Product Version | 3.2 | ||||
| Summary | 0001844: set::modes-on-oper causing unauthorized opers to get flag +q? | ||||
| Description | oper LocOp { from { userhost *@*; } password "Blah"; flags { local; get_host; }; }; set { modes-on-oper "+qgwhW"; }; -> OPER LocOp Blah * LocOp sets mode: +wghOWqt I did not give the oper can_setq, but it gets +q from the server anyway. Is it possible to make set::modes-on-oper respect the can_setq flag (or absence thereof)? | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
| duplicate of | 0001899 | resolved | Add oper::usermodes |
|
|
If we do that, then there are many other things that follow. What if someone adds +N to the modes? Do we ignore +N for non netadmins? |
|
|
Doesn't sound like a bad idea ;) . Of course, the question that comes up is "Why put this mode in modes-on-oper?" And that's a good question, but what goes in there is most certainly up to the people that make the config ;) , and as it is, they can put any usermode in there... so maybe: 1) Don't allow any modeflag that depends on an operflag (+oOAaNq), or... 2) Only set flags an oper has permission to use. Any other flag is ignored. Something like this would probably be needed for set::modes-on-connect as well if there isn't already something there ;) . |
|
|
Well see I personally look to choice three: 3) Assume the admin has a brain Almost no error checking is done for any of the mode settings. You could add +N to modes-on-connect if you wanted to! If an admin, for whatever reason, has decided all opers should be +q, why should I tell them they can't? |
|
|
Well, yeah... ok... Of course, said admin would probably also put can_setq in the oper blocks (so that the opers can set +q when they want it). Option #2 would allow him to exclude certain opers from this while still allowing permitted opers to get +q automatically (though maybe they should just not be lazy and set it themselves ;) ). But, yeah, no error checking means need for smarter admins. But we can't assume every admin is smart, now can we? |
|
|
No, but if you treat them like idiots, they will have reason to act like idiots. |
|
|
>No, but if you treat them like idiots, they will have reason to act like idiots. (that reminds of a quote I heard once... something along the lines of... "Build an idiot-proof system and someone will build a better idiot." ;) ) *ahem* But seriously... So from what I understand, the admin should just have all opers can_setq to make it look "right", or not put +q in the modes-on-oper, if he doesn't want opers to get +q w/o permission (I'm not even going to start on SVSMODE, because when it comes to server vs. services, services always win ;) , and services know best anyway (or should).) Hm... maybe an option for ./Config for this? So the admin can chose if he wants operflags enforced or the right to have whatever modes set on opers he wants? I dunno... giving opers can_setq can lead to abuse anyway, so... (but any oper privilege can be abused...) |
|
|
0001899 I guess this can be closed now? edited on: 2004-07-22 14:47 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2004-05-30 20:31 | aquanight | New Issue | |
| 2004-05-31 01:25 |
|
Note Added: 0006477 | |
| 2004-05-31 12:01 | aquanight | Note Added: 0006482 | |
| 2004-05-31 12:43 |
|
Note Added: 0006483 | |
| 2004-05-31 12:49 | aquanight | Note Added: 0006484 | |
| 2004-05-31 13:04 |
|
Note Added: 0006485 | |
| 2004-06-03 21:36 | aquanight | Note Added: 0006566 | |
| 2004-07-22 14:46 | aquanight | Note Added: 0007220 | |
| 2004-07-22 14:47 | aquanight | Note Edited: 0007220 | |
| 2007-04-19 02:56 |
|
Relationship added | duplicate of 0001899 |
| 2007-04-19 02:56 |
|
Duplicate ID | 0 => 1899 |
| 2007-04-19 02:56 |
|
Status | new => resolved |
| 2007-04-19 02:56 |
|
Resolution | open => duplicate |
| 2007-04-19 02:56 |
|
Assigned To | => stskeeps |
