View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002736||unreal||documentation||public||2006-01-03 15:09||2018-12-12 09:09|
|Platform||OS||Redhat Linux||OS Version||Fedora Core 3|
|Target Version||Fixed in Version||4.0.0|
|Summary||0002736: +C Channel Mode: better document it does not apply to chanops etc.|
|Description||[editted report follows]|
It would be nice if we better documented that things like chanmode +C and +N do not apply to chanops. Even though it's logical for many people, it is not so for others and should be mentioned. Also the fact that for example +S/+c _are_ applied to chanops does not always make it very logical ;p. In /HELPOP ?CHMODES might be a good place, maybe in unreal32docs.html too.
|Additional Information||Original report:|
+C Channel Mode: Does Not Work as Advertised
The +C channel mode is described in the Unreal documentation as prohibiting CTCP communication between clients within the channel. Experimentation reveals that with jIRCii version b35, CTCP pings, version queries, and DCC chat sessions can be freely established while channel mode +C is active. This would most likely allow DCC file transfer through a server that is supposed to be prohibiting this functionality.
This vulnerability was discovered while testing the security of an IRC network that included Unreal IRCd as the server, jIRCii clients running Windows XP Pro and RH Linux Fedora Core 3, and Anope IRC Services.
|Tags||No tags attached.|
|3rd party modules|
Are you a chanop? Because CTCP's are only blocked from normal users in the channel, chanops can override it. Just like +m, +M, +N, ..
Maybe worth better documenting.
[quote]This would most likely allow DCC file transfer through a server that is supposed to be prohibiting this functionality.[/quote]
Oh if that is your purpose btw, then you should just add a deny dcc block for * :P.
Thank you for the responses. It took me a while to get the answers to your questions from our analyst (he has moved to a new job). I received a response just this morning and indeed he indicated that he could have been logged on as the chanop and he did not test DCC.
We plan to further test these options and notify you if we find any problems. I think it is a good idea to update the documentation to reflect the fact that chanops can override channel blocks.
I'm putting a note here to indicate the targets affected by the specific channel mode before making more changes to the docs.
As of Unreal34-beta2:
c - all
C - all
f* - N/A (It sets other modes for you.)
G* - all
i* - N/A (Doesn't affect you if you are in the channel. You can't join the channel unless you receive an INVITE.)
k* - N/A (Doesn't affect you if you are in the channel. You can't join the channel unless you specify the correct key.)
K* - N/A (Because it enables or disables KNOCK.)
l* - N/A (Doesn't affect you if you are in the channel. You can't join the channel if limit is exceeded.)
L* - N/A (Doesn't affect you if you are in the channel. You are automatically redirected under certain* conditions.)
m* - Users with no level modes only.
M - Unregistered users only.
N - Users with voice and lower only.
n - N/A (Doesn't affect you if you are in the channel. You cannot send messages if you are in that channel.)
O - Non opers only
p* - N/A (Doesn't affect users except in WHO(IS).)
P - N/A (Doesn't affect users.)
Q - all
r - N/A (Doesn't affect users.)
R - N/A (Doesn't affect you if you are in the channel. You cannot join the channel if you are unregistered.)
s - N/A (Doesn't affect users except in WHO(IS).)
S - all
t* - Users with voice and lower only.
T - all
V - all
z - All non-secure users are kicked from the channel and not allowed to join. IRCops who are invited are exempted unless +Z is set.
Z - N/A except the above.
EDIT: Comments for all channel modes are made by referring to the code except the ones flagged with asterisks (*).
||I'm marking this as fixed in 4.0.0 because in UnrealIRCd 4.x channel mode +C simply denies CTCP's from everyone in the channel. So there's no longer confusion about chanops vs non-chanops.|
|2006-01-03 15:09||smatthews||New Issue|
|2006-01-03 19:39||syzop||Note Added: 0010920|
|2006-01-03 19:40||syzop||Note Added: 0010921|
|2006-01-10 15:54||syzop||Status||new => closed|
|2006-01-10 15:54||syzop||Note Added: 0010958|
|2006-01-10 15:54||syzop||Resolution||open => no change required|
|2006-01-11 08:13||smatthews||Status||closed => feedback|
|2006-01-11 08:13||smatthews||Resolution||no change required => reopened|
|2006-01-11 08:13||smatthews||Note Added: 0010960|
|2006-01-19 08:33||syzop||Severity||major => tweak|
|2006-01-19 08:33||syzop||Status||feedback => acknowledged|
|2006-01-19 08:33||syzop||Resolution||reopened => open|
|2006-01-19 08:33||syzop||Category||ircd => documentation|
|2006-01-19 08:33||syzop||View Status||private => public|
|2006-01-19 08:33||syzop||Summary||+C Channel Mode Does Not Work as Advertised => +C Channel Mode: better document it does not apply to chanops etc.|
|2006-01-19 08:33||syzop||Description Updated|
|2006-01-19 08:33||syzop||Additional Information Updated|
|2006-01-19 08:35||syzop||Description Updated|
|2015-07-25 18:56||dboyz||Note Added: 0018566|
|2015-07-25 18:57||dboyz||Note Edited: 0018566||View Revisions|
|2015-07-25 19:00||dboyz||Note Edited: 0018566||View Revisions|
|2018-12-12 09:09||syzop||Assigned To||=> syzop|
|2018-12-12 09:09||syzop||Status||acknowledged => resolved|
|2018-12-12 09:09||syzop||Resolution||open => fixed|
|2018-12-12 09:09||syzop||Fixed in Version||=> 4.0.0|
|2018-12-12 09:09||syzop||Note Added: 0020403|