View Issue Details

IDProjectCategoryView StatusLast Update
0006423unrealircdpublic2024-06-14 10:46
ReporterValware Assigned Tosyzop  
Status resolvedResolutionfixed 
Product Version6.1.6 
Fixed in Version6.1.7-rc1 
Summary0006423: Oper Override notice given on remote servers when a HalfOp user kicks themselves or another HalfOp user in a channel.
DescriptionA big scary notice gets generated about remote users (without ircop) that they've used Oper Override when they don't actually have oper override.
This is problematic in the sense that it would lead network operators to believe that regular users may have somehow hijacked escalated privileges, when it's not the case. [info] OperOverride: [email protected] kicked V3 from #testing (V3)

[from whois]
V3 is using modes +iwxz

This requires that the user has HalfOp (+h) in the channel and that the target also has HalfOp in the channel.
This also requires that the user can kick a halfop, so also needs +o (operator)
This also requires that the kick was successful and that the user is on a remote server to the one the snotice was generated on.
Steps To Reproduce- Be normal user (not oper)
- Be a second user with oper on a remote server to the normal user
- Join channel and have +h (halfops) and +o (operator)
- Kick either yourself or another person with halfops
- Observe the snotice from remote server as IRCop.
TagsNo tags attached.
3rd party modules



2024-06-08 16:03

reporter   ~0023214

Forgot to mention - Reported by Moebius!


2024-06-14 10:46

administrator   ~0023217

Fixed now, thanks for the report, always fun these things :D.

commit c37dc9334b16b95575f91c9ac02bd26515e64030 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD)
Author: Bram Matthys <[email protected]>
Date: Fri Jun 14 10:39:29 2024 +0200

    Attempt to fix KICK OperOverride message if you are not +o but have +h/+a/+q.
    There was an incorrect OperOverride message if you were had +h, +a or +q
    and was kicking someone that you should normally be able to (without override).
    This requires quite a bit of further testing, though, it's so easy to get
    this wrong. The FIXME still stands to fix this for good some day.
    Reported by Valware in

Issue History

Date Modified Username Field Change
2024-06-08 16:01 Valware New Issue
2024-06-08 16:03 Valware Note Added: 0023214
2024-06-14 10:46 syzop Assigned To => syzop
2024-06-14 10:46 syzop Status new => resolved
2024-06-14 10:46 syzop Resolution open => fixed
2024-06-14 10:46 syzop Fixed in Version => 6.1.7-rc1
2024-06-14 10:46 syzop Note Added: 0023217