View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002601 | unreal | ircd | public | 2005-07-27 06:59 | 2006-08-20 18:35 |
| Reporter | phedny | Assigned To | syzop | ||
| Priority | normal | Severity | tweak | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | any | OS | any | OS Version | any |
| Product Version | 3.2.3 | ||||
| Fixed in Version | 3.2.6 | ||||
| Summary | 0002601: Non-SSL Opers can join +z channel with SAJOIN | ||||
| Description | Operators that can use SAJOIN can use it to join +z (SSL-Only) channels, even when they don't have a secure connection. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
I don't think this is a bug... If an oper needs to join a channel becuase s/he has been recieving reports of abusive activity within the channel, s/he should be able to join the channel no matter what modes it has. SAMODE can be used, but does not do much when the services MLOCK +z on the channel. |
|
|
it is definetly a bug, overriding +z the normal way will unset +z. The reason is clear because +z indicates a secure communication and with a non-ssl oper joining the channel, the communication is leaked to plain. When SAJOIN is used on a +z channel and the person joining does not have SSL, the server should unset +z like it does for normal overriding. edit: about the mlock thing, if the situation ever arises, why dont u simply unset the mlock? or even better, simply use SSL :P opers should do that anyway... |
|
|
Is not a Bug because an IRCOP should SAJOIN +z +k or +i Channels to have a Look. I can SAJOIN normal NON OPER Users to an OPER Channel with mode +O without any Problems. I think, this is a normal Oper Override Function. Correct me if i think wrong. HERZ |
|
|
It isnt about overriding or not... you will still be able to override +z with or without SAJOIN. The point is, when overriding with SAJOIN, then +z must be removed from the channel automatically, as it is done when overriding it with /invite. And I was told the bug is being fixed soon. |
|
|
Right, it should either -z, or deny the join. Btw, I find it quite annoying that /sajoin is used nowadays by opers to join _themselves_ in channels, instead of the usual /invite thing. This is of course a consequence of the change that was made a few versions ago so SAJOIN could join trough modes (like the example HERZ mentioned), but I'm not so sure if that was a good move... Well, we could of course deny /SAJOIN on people themselves :P. In any case, add some more notices stuff... The opers already see an SAJOIN notice, but the channel members do not (while they DO with operoverride trough /invite). As for +z... well like I said, it should either -z (otherwise the +z is giving a false signal), or deny the SAJOIN. -z makes most sense I think, though it just depends on how you look at it :P. This is all for post-3.2.4 btw. |
|
|
You can operoverride with /invite already. it will however, unset +z. I think the SAJOIN thing should be fixed, at least to work like operoverride on such channels. |
|
|
Fixed in CVS of 3.2* and 3.3*... I simply made it block a /sajoin of an insecure user to a +z channel, let the oper have some brain instead of making things too automated ;). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-07-27 06:59 | phedny | New Issue | |
| 2005-07-27 14:42 | Stealth | Note Added: 0010269 | |
| 2006-01-26 10:03 | decoder | Note Added: 0011062 | |
| 2006-01-26 13:29 | decoder | Note Edited: 0011062 | |
| 2006-01-26 13:30 | decoder | Note Edited: 0011062 | |
| 2006-01-26 15:35 | HERZ | Note Added: 0011066 | |
| 2006-01-26 15:38 | decoder | Note Added: 0011067 | |
| 2006-01-27 15:00 | syzop | Note Added: 0011082 | |
| 2006-01-27 15:00 | syzop | Status | new => confirmed |
| 2006-01-29 16:12 | JasonTik | Note Added: 0011100 | |
| 2006-08-20 18:35 | syzop | Status | confirmed => resolved |
| 2006-08-20 18:35 | syzop | Fixed in Version | => 3.2.6 |
| 2006-08-20 18:35 | syzop | Resolution | open => fixed |
| 2006-08-20 18:35 | syzop | Assigned To | => syzop |
| 2006-08-20 18:35 | syzop | Note Added: 0012199 |
