View Issue Details

IDProjectCategoryView StatusLast Update
0005698unrealircdpublic2020-09-26 13:53
ReporterAdanaran Assigned Tosyzop  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Platformx64OSUbuntu 
Product Version5.0.4 
Fixed in Version5.0.7-rc1 
Summary0005698: Voiced users bypass +b ~T:block and +b ~T:censor
DescriptionWe upgraded from unreal 4 to 5 a few days ago and since then voiced users are able to bypass +b ~T:block and +b ~T:censor modes. This is not listed in the changelog and seems to be a regression. Some of our ~T:block have special characters, some have not. Both seem to be bypassable.
Steps To Reproduce/mode #chan +b ~T:block:*test*

send "test" with an unvoiced user, gets blocked.
give voice
send "test" with a voiced user, does not get blocked.
TagsNo tags attached.
3rd party modules

Activities

PeGaSuS

2020-06-03 06:57

reporter   ~0021606

That's not a bug, but it's by design in UnrealIRCd. If you want to stop voiced users to bypass those bans, you could try to install the third party module *banfix_voice* with:

./unrealircd module install third/banfix_voice

Note: this command should be executed in the shell, inside the unrealircd folder.

Some more info about the third party module:

https://gitgud.malvager.net/Wazakindjes/unrealircd_mods/src/master/man/banfix_voice.md

kenneaal

2020-06-03 17:41

reporter   ~0021607

This should probably make it into the changelog then, as it is a significant change of behavior from 4.x.

syzop

2020-06-05 17:01

administrator   ~0021608

There are indeed pro's and cons and I can see why it behaves that way currently, BUT.. I have to say, for me too this behavior is not what I would expect for ~T. I will look into changing it.

Adanaran

2020-06-27 21:34

reporter   ~0021653

Any news on this?

syzop

2020-09-26 13:53

administrator   ~0021755

Last edited: 2020-09-26 13:53

View 2 revisions

Sometimes things sound like an easy change, but they are not, not at all.

commit 57d0efbc58ceadda1818f61490cb1015fba6631f (HEAD -> unreal50, origin/unreal50)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sat Sep 26 13:43:46 2020 +0200

    Recode textbans so voiced users cannot bypass them.
    Reported by Adanaran in https://bugs.unrealircd.org/view.php?id=5698
    
    Although voiced users normally bypass bans, it is not really logical
    for them to bypass filtering of banned words, since that is normally
    a policy decission by channel management. So +v will not bypass it.
    
    1) The problem is that this is enforced at the ban layer API. The extban
    routines, textban in this case, are not called when the user is voiced,
    because voiced users bypass bans. If we would change that in the ban API
    then voiced users can also no longer talk through (=bypass) regular +b or
    other extended +b such as ~a (account) etc.
    
    2) I figured we would then make +T not use the ban API but the
    can_send_to_channel hook instead. However, then you have to do manual
    looping through bans and such, it's rather ugly from a coding point of view,
    and you risk "missing" things like ~T stacked with ~t.
    
    3) Then I went back to look if the ban API could be changed by having the
    textban module set a flag and then the ban api would call that specific
    module still for voiced users. While starting on that, unfortunately things
    (variables, arguments) cascaded quickly into having to change all kinds of
    underlying functions that would break the module API.
    
    4) I then went back to option 2 and implemented it, trying to deal
       with all its caveats.

https://github.com/unrealircd/unrealircd/commit/57d0efbc58ceadda1818f61490cb1015fba6631f

Issue History

Date Modified Username Field Change
2020-06-02 18:20 Adanaran New Issue
2020-06-03 06:57 PeGaSuS Note Added: 0021606
2020-06-03 17:41 kenneaal Note Added: 0021607
2020-06-05 16:59 syzop Severity major => minor
2020-06-05 17:01 syzop Assigned To => syzop
2020-06-05 17:01 syzop Status new => acknowledged
2020-06-05 17:01 syzop Note Added: 0021608
2020-06-27 21:34 Adanaran Note Added: 0021653
2020-09-26 13:53 syzop Status acknowledged => resolved
2020-09-26 13:53 syzop Resolution open => fixed
2020-09-26 13:53 syzop Fixed in Version => 5.0.7-rc1
2020-09-26 13:53 syzop Note Added: 0021755
2020-09-26 13:53 syzop Note Edited: 0021755 View Revisions