View Issue Details

IDProjectCategoryView StatusLast Update
0002023unrealircdpublic2004-09-04 15:55
Reporterbrain2Assigned Tocodemastr 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
PlatformIntelOSFreeBSDOS Version5.2.1
Product Version3.2.1 
Target VersionFixed in Version3.2.2 
Summary0002023: SVSMODE removal of oper modes has unpredictable effect
DescriptionWhen a U:Lined server attempts to remove an opers modes (e.g. +o, +N, +A), the SVSMODE succeeds in removing the opers modes from their struct but certain permissions (e.g. the ability to /rehash) are still kept for that user, so a user that has been 'de-opered' can still do certain oper-only commands.
Steps To ReproduceThrough a u:lined server such as services or defender, send an SVSMODE OperNick -oghaANW.
As OperNick, /rehash the local server.
Additional InformationDiscovered via ircdefender version 1.3.10 secureoper module.
TagsNo tags attached.
3rd party modules

Activities

codemastr

2004-08-14 16:27

reporter   ~0007356

Well this is really a problem with ircdefender not supporting Unreal correctly. It should send the SVSO command after sending the SVSMODE to remove modes. The SVSO removes the oper flags.

brain2

2004-08-14 18:41

reporter   ~0007359

thanks, will fix.

aquanight

2004-08-15 00:27

reporter   ~0007368

Hehe, the wonders of telnet actually suggest that SVSO Target - is enough (Unreal will unset the oper modes itself _and return this change_) :D .

w00t

2004-08-19 04:41

reporter   ~0007399

But it doesnt remove some of them as we discovered... what were they? infected dcc notices.... bugger. Jason'd know.

aquanight

2004-08-19 04:44

reporter   ~0007400

+v (dcc notices) and +g (globops)

w00t

2004-08-20 04:57

reporter   ~0007406

Those were the ones.

codemastr

2004-09-04 04:30

reporter   ~0007503

Umm, you seem correct about umode +v, however, +g is a user settable mode. Was +g a typo, or...?

aquanight

2004-09-04 04:55

reporter   ~0007507

No it wasn't a typo... but...

>+g is a user settable mode.

It is? I don't recall it doing anything for users :/ ... or does it?

codemastr

2004-09-04 15:55

reporter   ~0007510

Yeah, there are a few +g messages sent to non-opers. Why exactly, I don't know, but they do exist.

Anyway, SVSO now removes +v as of .129

Issue History

Date Modified Username Field Change
2004-08-14 14:32 brain2 New Issue
2004-08-14 16:27 codemastr Note Added: 0007356
2004-08-14 18:41 brain2 Note Added: 0007359
2004-08-15 00:27 aquanight Note Added: 0007368
2004-08-19 04:41 w00t Note Added: 0007399
2004-08-19 04:44 aquanight Note Added: 0007400
2004-08-20 04:57 w00t Note Added: 0007406
2004-09-04 04:30 codemastr Note Added: 0007503
2004-09-04 04:55 aquanight Note Added: 0007507
2004-09-04 15:55 codemastr Status new => resolved
2004-09-04 15:55 codemastr Fixed in Version => 3.2.2
2004-09-04 15:55 codemastr Resolution open => fixed
2004-09-04 15:55 codemastr Assigned To => codemastr
2004-09-04 15:55 codemastr Note Added: 0007510