View Issue Details

IDProjectCategoryView StatusLast Update
0002185unrealircdpublic2005-02-12 19:27
ReporterZellAssigned Tosyzop 
PrioritynormalSeveritytrivialReproducibilityalways
Status resolvedResolutionfixed 
Platform*OS*OS Version*
Product Version3.2.2 
Target VersionFixed in Version3.2.3 
Summary0002185: NOOP Allows Former Opers to See Privileged Info
DescriptionThis is a silly bug, but a bug nonetheless.

When a Server is NOOP'ed (by however method you wish to sent the SVSNOOP... module, services, blah), the server Unsets the Oper privileges and Modes of all opers on the server. However, it is incomplete.

* This server has been placed in NOOP mode
then, the former oper may still /whois and get someones address/umodes by using:
/whois nick nick

ALSO, the oper can still access OperServ because the server doesnt send out the fact that the user was set -o

The only things that are canceled are local privileged commands (kill, gline, etc etc).
TagsNo tags attached.
3rd party modulesn/a

Activities

aquanight

2004-11-15 21:51

reporter   ~0008333

Anope's OperServ also /kills opers after nooping. But I guess the easiest fix is to just -oO everyone because Anope doesn't catch local opers I think.

Zell

2004-11-16 15:54

reporter   ~0008345

If youre not using anope or you do /operserv raw to set the noop, no kills. Also i find that if you are on Anope's Services Admin list you dont die. [though that would be a post for their bug forums]

aquanight

2004-11-16 18:29

reporter   ~0008351

Last edited: 2004-11-16 18:29

Oh really?

[16:23:04] <NickServ> aquanight is aquanight
[16:23:04] <NickServ> aquanight is a services root administrator.
[16:23:05] <NickServ> Is online from: aquanight@*
[16:23:05] <NickServ> Time registered: Jul 16 12:04:19 2004 Mountain Daylight Time
[16:23:05] <NickServ> Last quit message: -
[16:23:05] <NickServ> E-mail address: *
[16:23:05] <NickServ> vhost: *
[16:23:05] <NickServ> Greet message: Splash!
[16:23:05] <NickServ> Options: Protection, Security, Private, Message mode
[16:23:05] <NickServ> This nickname will not expire.
[16:23:13] -irc.*- *** Notice -- This server has been placed in NOOP mode
[16:23:14] <OperServ> All O:lines of irc.* have been removed.
[16:23:14] -irc.*- *** Notice -- Received KILL message for aquanight!aquanight@* from OperServ Path: services!OperServ (NOOP command used by aquanight)
[16:23:14] * You were killed by OperServ (services!OperServ (NOOP command used by aquanight))
[16:23:14] Closing Link: aquanight[localhost.127.in-addr.arpa] services.* (Killed (OperServ (NOOP command used by aquanight)))
[16:23:14] * [10101] Host disconnected
[16:23:14] * Disconnected

Zell

2004-11-16 19:55

reporter   ~0008353

Hmm. Doesnt terminate me on mine. Maybe its cuz im root? LoL. Anyways, back to the real problem, NOOP...

to restate the bug: NOOP doesn't inform the servers of the change on the users' modes.

aquanight

2004-11-16 20:15

reporter   ~0008355

Last edited: 2004-11-16 20:17

>Hmm. Doesnt terminate me on mine. Maybe its cuz im root? LoL.

If you read my paste more carefully, I was root, and I got zapped :P .

>NOOP doesn't inform the servers of the change on the users' modes.

Here's the exact current code that wipes the oflags from everyone...

                        for (acptr = &me; acptr; acptr = acptr->prev)
                        {
                                if (MyClient(acptr) && IsAnOper(acptr))
                                {
                                        if (IsOper(acptr))
                                        {
                                                IRCstats.operators--;
                                                VERIFY_OPERCOUNT(acptr, "svsnoop");
                                        }
                    if (IsAnOper(acptr))
                                                delfrom_fdlist(acptr->slot, &oper_fdlist);
                                        acptr->umodes &=
                                            ~(UMODE_OPER | UMODE_LOCOP | UMODE_HELPOP | UMODE_SERVICES |
                                            UMODE_SADMIN | UMODE_ADMIN);
                                        acptr->umodes &=
                                                ~(UMODE_NETADMIN | UMODE_WHOIS);
                                        acptr->umodes &=
                                            ~(UMODE_KIX | UMODE_DEAF | UMODE_HIDEOPER);
                                        acptr->oflag = 0;
                                        remove_oper_snomasks(acptr);
                    RunHook2(HOOKTYPE_LOCAL_OPER, acptr, 0);
                                }
                        }

The SVSO - code seems to use nearly the exact same code, with the exception of this line after the RunHoo2():

                send_umode_out(acptr, acptr, fLag);

So just add that and this should be fixed.

oh, and add this before the "if (IsOper(acptr))" line:

                fLag = acptr->umodes;

And this at the beginning of m_svsnoop:

        long fLag;

Sorry I can't do it in .diff format, but someone who knows how probably could :)

syzop

2005-02-12 19:27

administrator   ~0009110

Fixed in .264 (send_umode_out indeed).

Issue History

Date Modified Username Field Change
2004-11-15 17:17 Zell New Issue
2004-11-15 17:17 Zell 3rd party modules => n/a
2004-11-15 21:51 aquanight Note Added: 0008333
2004-11-16 15:54 Zell Note Added: 0008345
2004-11-16 18:29 aquanight Note Added: 0008351
2004-11-16 18:29 aquanight Note Edited: 0008351
2004-11-16 19:55 Zell Note Added: 0008353
2004-11-16 20:15 aquanight Note Added: 0008355
2004-11-16 20:17 aquanight Note Edited: 0008355
2004-11-17 15:37 syzop Status new => acknowledged
2005-02-12 19:27 syzop Status acknowledged => resolved
2005-02-12 19:27 syzop Fixed in Version => 3.2.3
2005-02-12 19:27 syzop Resolution open => fixed
2005-02-12 19:27 syzop Assigned To => syzop
2005-02-12 19:27 syzop Note Added: 0009110