View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003490 | unreal | ircd | public | 2007-07-28 06:24 | 2007-08-03 01:45 |
| Reporter | CuttingEdge | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | i386 | OS | Linux | OS Version | 2.6.18 |
| Product Version | 4.0-devel | ||||
| Fixed in Version | 4.0-devel | ||||
| Summary | 0003490: Hide +j and +f secondary variables from /LIST for regular users | ||||
| Description | Currently +j and +f secondary variables are displayed in /LIST for regular users. This should be fine for IRC operators though. I reckon this could pose as a security threat of sorts, as then people that abuse channels can adjust their method of attack to be within these thresholds. Currently the Unreal 3.2.* branch hides these variables too. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
| child of | 0003417 | closed | TODO list for Unreal4.0 |
|
|
I reckon this could pose as a security threat of sorts, as then people that abuse channels can adjust their method of attack to be within these thresholds. ===== Hmm...they could still join one bot, see the f param, and then get around it. I have seen bots stay just within f before >< |
|
|
Some IRCds hide sensitive params from non-ops.. this is an option as well |
|
|
Fixed in r135 |
|
|
I have qa tested this, and everything works correctly except that opers do not see the mode secondary variables when opered up. However, it works when using m_spy.so, so I am assuming it is following the the same trend +s and +k channels follow, so I believe it is tested and works. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-07-28 06:24 | CuttingEdge | New Issue | |
| 2007-07-28 06:26 |
|
QA | => Not touched yet by developer |
| 2007-07-28 06:26 |
|
U4: Need for upstream patch | => No need for upstream InspIRCd patch |
| 2007-07-28 06:26 |
|
U4: Upstream notification of bug | => Not decided |
| 2007-07-28 06:26 |
|
U4: Contributor working on this | => None |
| 2007-07-28 06:26 |
|
Status | new => confirmed |
| 2007-07-28 06:26 |
|
Relationship added | child of 0003417 |
| 2007-07-28 20:54 | Shining Phoenix | Note Added: 0014621 | |
| 2007-07-28 21:57 | Stealth | Note Added: 0014622 | |
| 2007-08-01 12:44 |
|
QA | Not touched yet by developer => Fixed by developer, needs QA testing |
| 2007-08-01 12:44 |
|
Status | confirmed => resolved |
| 2007-08-01 12:44 |
|
Fixed in Version | => 4.0-devel |
| 2007-08-01 12:44 |
|
Resolution | open => fixed |
| 2007-08-01 12:44 |
|
Assigned To | => stskeeps |
| 2007-08-01 12:44 |
|
Note Added: 0014648 | |
| 2007-08-03 01:44 | dmb | Note Added: 0014657 | |
| 2007-08-03 01:45 | dmb | QA | Fixed by developer, needs QA testing => QA has accepted the fix |
