View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006423 | unreal | ircd | public | 2024-06-08 16:01 | 2024-06-14 10:46 |
| Reporter | Valware | Assigned To | syzop | ||
| Priority | normal | Severity | trivial | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 6.1.6 | ||||
| Fixed in Version | 6.1.7 | ||||
| Summary | 0006423: Oper Override notice given on remote servers when a HalfOp user kicks themselves or another HalfOp user in a channel. | ||||
| Description | A big scary notice gets generated about remote users (without ircop) that they've used Oper Override when they don't actually have oper override. This is problematic in the sense that it would lead network operators to believe that regular users may have somehow hijacked escalated privileges, when it's not the case. -irc.valware.uk- [info] OperOverride: [email protected] kicked V3 from #testing (V3) [from whois] V3 is using modes +iwxz This requires that the user has HalfOp (+h) in the channel and that the target also has HalfOp in the channel. This also requires that the user can kick a halfop, so also needs +o (operator) This also requires that the kick was successful and that the user is on a remote server to the one the snotice was generated on. | ||||
| Steps To Reproduce | - Be normal user (not oper) - Be a second user with oper on a remote server to the normal user - Join channel and have +h (halfops) and +o (operator) - Kick either yourself or another person with halfops - Observe the snotice from remote server as IRCop. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Forgot to mention - Reported by Moebius! |
|
|
Fixed now, thanks for the report, always fun these things :D. https://github.com/unrealircd/unrealircd/commit/c37dc9334b16b95575f91c9ac02bd26515e64030 commit c37dc9334b16b95575f91c9ac02bd26515e64030 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD) Author: Bram Matthys <[email protected]> Date: Fri Jun 14 10:39:29 2024 +0200 Attempt to fix KICK OperOverride message if you are not +o but have +h/+a/+q. There was an incorrect OperOverride message if you were had +h, +a or +q and was kicking someone that you should normally be able to (without override). This requires quite a bit of further testing, though, it's so easy to get this wrong. The FIXME still stands to fix this for good some day. Reported by Valware in https://bugs.unrealircd.org/view.php?id=6423 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-06-08 16:01 | Valware | New Issue | |
| 2024-06-08 16:03 | Valware | Note Added: 0023214 | |
| 2024-06-14 10:46 | syzop | Assigned To | => syzop |
| 2024-06-14 10:46 | syzop | Status | new => resolved |
| 2024-06-14 10:46 | syzop | Resolution | open => fixed |
| 2024-06-14 10:46 | syzop | Fixed in Version | => 6.1.7 |
| 2024-06-14 10:46 | syzop | Note Added: 0023217 |
