View Issue Details

IDProjectCategoryView StatusLast Update
0002736unrealdocumentationpublic2018-12-12 09:09
Reportersmatthews Assigned Tosyzop  
PrioritynormalSeveritytweakReproducibilityalways
Status resolvedResolutionfixed 
OSRedhat LinuxOS VersionFedora Core 3 
Product Version3.2.3 
Fixed in Version4.0.0 
Summary0002736: +C Channel Mode: better document it does not apply to chanops etc.
Description[editted report follows]
It would be nice if we better documented that things like chanmode +C and +N do not apply to chanops. Even though it's logical for many people, it is not so for others and should be mentioned. Also the fact that for example +S/+c _are_ applied to chanops does not always make it very logical ;p. In /HELPOP ?CHMODES might be a good place, maybe in unreal32docs.html too.
Additional InformationOriginal report:
+C Channel Mode: Does Not Work as Advertised
The +C channel mode is described in the Unreal documentation as prohibiting CTCP communication between clients within the channel. Experimentation reveals that with jIRCii version b35, CTCP pings, version queries, and DCC chat sessions can be freely established while channel mode +C is active. This would most likely allow DCC file transfer through a server that is supposed to be prohibiting this functionality.

This vulnerability was discovered while testing the security of an IRC network that included Unreal IRCd as the server, jIRCii clients running Windows XP Pro and RH Linux Fedora Core 3, and Anope IRC Services.
TagsNo tags attached.
3rd party modules

Activities

syzop

2006-01-03 19:39

administrator   ~0010920

Are you a chanop? Because CTCP's are only blocked from normal users in the channel, chanops can override it. Just like +m, +M, +N, ..

Maybe worth better documenting.

syzop

2006-01-03 19:40

administrator   ~0010921

[quote]This would most likely allow DCC file transfer through a server that is supposed to be prohibiting this functionality.[/quote]
Oh if that is your purpose btw, then you should just add a deny dcc block for * :P.

syzop

2006-01-10 15:54

administrator   ~0010958

assuming above..

smatthews

2006-01-11 08:13

reporter   ~0010960

Thank you for the responses. It took me a while to get the answers to your questions from our analyst (he has moved to a new job). I received a response just this morning and indeed he indicated that he could have been logged on as the chanop and he did not test DCC.

We plan to further test these options and notify you if we find any problems. I think it is a good idea to update the documentation to reflect the fact that chanops can override channel blocks.

dboyz

2015-07-25 18:56

reporter   ~0018566

Last edited: 2015-07-25 19:00

I'm putting a note here to indicate the targets affected by the specific channel mode before making more changes to the docs.

As of Unreal34-beta2:
c - all
C - all
f* - N/A (It sets other modes for you.)
G* - all
i* - N/A (Doesn't affect you if you are in the channel. You can't join the channel unless you receive an INVITE.)
k* - N/A (Doesn't affect you if you are in the channel. You can't join the channel unless you specify the correct key.)
K* - N/A (Because it enables or disables KNOCK.)
l* - N/A (Doesn't affect you if you are in the channel. You can't join the channel if limit is exceeded.)
L* - N/A (Doesn't affect you if you are in the channel. You are automatically redirected under certain* conditions.)
m* - Users with no level modes only.
M - Unregistered users only.
N - Users with voice and lower only.
n - N/A (Doesn't affect you if you are in the channel. You cannot send messages if you are in that channel.)
O - Non opers only
p* - N/A (Doesn't affect users except in WHO(IS).)
P - N/A (Doesn't affect users.)
Q - all
r - N/A (Doesn't affect users.)
R - N/A (Doesn't affect you if you are in the channel. You cannot join the channel if you are unregistered.)
s - N/A (Doesn't affect users except in WHO(IS).)
S - all
t* - Users with voice and lower only.
T - all
V - all
z - All non-secure users are kicked from the channel and not allowed to join. IRCops who are invited are exempted unless +Z is set.
Z - N/A except the above.

EDIT: Comments for all channel modes are made by referring to the code except the ones flagged with asterisks (*).

syzop

2018-12-12 09:09

administrator   ~0020403

I'm marking this as fixed in 4.0.0 because in UnrealIRCd 4.x channel mode +C simply denies CTCP's from everyone in the channel. So there's no longer confusion about chanops vs non-chanops.

Issue History

Date Modified Username Field Change
2006-01-03 15:09 smatthews New Issue
2006-01-03 19:39 syzop Note Added: 0010920
2006-01-03 19:40 syzop Note Added: 0010921
2006-01-10 15:54 syzop Status new => closed
2006-01-10 15:54 syzop Note Added: 0010958
2006-01-10 15:54 syzop Resolution open => no change required
2006-01-11 08:13 smatthews Status closed => feedback
2006-01-11 08:13 smatthews Resolution no change required => reopened
2006-01-11 08:13 smatthews Note Added: 0010960
2006-01-19 08:33 syzop Severity major => tweak
2006-01-19 08:33 syzop Status feedback => acknowledged
2006-01-19 08:33 syzop Resolution reopened => open
2006-01-19 08:33 syzop Category ircd => documentation
2006-01-19 08:33 syzop View Status private => public
2006-01-19 08:33 syzop Summary +C Channel Mode Does Not Work as Advertised => +C Channel Mode: better document it does not apply to chanops etc.
2006-01-19 08:33 syzop Description Updated
2006-01-19 08:33 syzop Additional Information Updated
2006-01-19 08:35 syzop Description Updated
2015-07-25 18:56 dboyz Note Added: 0018566
2015-07-25 18:57 dboyz Note Edited: 0018566
2015-07-25 19:00 dboyz Note Edited: 0018566
2018-12-12 09:09 syzop Assigned To => syzop
2018-12-12 09:09 syzop Status acknowledged => resolved
2018-12-12 09:09 syzop Resolution open => fixed
2018-12-12 09:09 syzop Fixed in Version => 4.0.0
2018-12-12 09:09 syzop Note Added: 0020403