View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002751 | unreal | ircd | public | 2006-01-20 18:21 | 2018-05-01 16:40 |
| Reporter | syzop | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Product Version | 3.2.4 | ||||
| Summary | 0002751: Improved quarantine | ||||
| Description | It would be nice if a server just communicated (send a command on-link) to the other server if it is quarantined, so it can disallow global oper privileges by itself. That, but keep the KILL stuff if it happens anyway (the new thing in 3.2.4). Advantage of it is that it gets rid of some odd race conditions, though it is of course still by far a complete quarantine solution --> which we will never have and never plan to have anyway. Oh and it will be "nicer" to get an error instead of being killed if you try to oper up... ;) Idea by Jason | ||||
| Additional Information | post-3.2.4 | ||||
| 3rd party modules | |||||
|
|
Make sure you KILL as a backup, in case they modified their source |
|
|
Have a link flag sent to the server linking, and stored in a variable When someone /oper's, Unreal checks the link flags and junk. If the option is there, and the flags for the oper are Global+, deny the oper with an error such as: A linked server restricts the O:Line from being used. |
|
|
The interesting thing is both the "keep KILL" and '"nicer" to get an error instead of being killed if you try to oper up" are mentioned in the bugreport :P |
|
|
Meep. all this killing and blocking. Suggestion: Instead of blocking or kicking the oper offline, cant we just drop their global flags? (Either internally via the code (FLAGS &= ~GLOBALOPER) or something like that, or use SVSO to drop the flag?) |
|
|
We cant do it internally anywhere but our own server, so thats no good. We arent ulined, so we cant use SVSO (or SVS*) |
|
|
SVSO Should be allowed to pass from server-server then, and allowed if a Server initiated it. Thus: hub.network.org connects to quarantined.network.org Oper on quarantined does /oper for a say.. NetAdmin line Hub detects this foul opup and runs an immediate SVSO -> oper -oN... etc to take off the Global-ish flags (K, t, etc). Having the check run on the Hub instead of passing a "You are Quarantined" variable to the linking server allows the network to protect against modified source, as mentioned by JasonTik on note 0010988 |
|
|
You cannot protect against modifications of the source, there are TONS of ways to do all kinds of very abusive things. In a conversation with Jason, we agreed this should be more clearly documented somewhere... Also, I'm getting a bit tired about all these bugnotes.. maybe I should have put it in as private............. |
|
|
Quarantine will not be improved, hardly ever used, not worth it |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-01-20 18:21 | syzop | New Issue | |
| 2006-01-20 19:45 | JasonTik | Note Added: 0010988 | |
| 2006-01-20 22:02 | Stealth | Note Added: 0010991 | |
| 2006-01-21 07:02 | syzop | Note Added: 0010993 | |
| 2006-01-22 08:44 | syzop | Severity | minor => feature |
| 2006-01-22 16:26 | Zell | Note Added: 0011019 | |
| 2006-01-22 17:40 | JasonTik | Note Added: 0011023 | |
| 2006-01-22 17:44 | Zell | Note Added: 0011024 | |
| 2006-01-22 18:22 | syzop | Note Added: 0011025 | |
| 2007-04-27 04:28 |
|
Status | new => acknowledged |
| 2018-05-01 16:40 | syzop | Assigned To | => syzop |
| 2018-05-01 16:40 | syzop | Status | acknowledged => closed |
| 2018-05-01 16:40 | syzop | Resolution | open => no change required |
| 2018-05-01 16:40 | syzop | Note Added: 0020112 |
