rename -> *.git

[irc.git] / software / RELEASES / ircservices / achurch.org / services / lists / ircservices / 2002 / 003432.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [IRCServices] Bug in mode locked keys in 5.0.6
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To=">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="003427.html">
   <LINK REL="Next"  HREF="003433.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[IRCServices] Bug in mode locked keys in 5.0.6</H1>
    <B>Craig Edwards</B> 
    <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To="
       TITLE="[IRCServices] Bug in mode locked keys in 5.0.6">brain at brainbox.winbot.co.uk
       </A><BR>
    <I>Tue Dec 31 23:23:00 PST 2002</I>
    <P><UL>
        <LI>Previous message: <A HREF="003427.html">[IRCServices] mailing list issues
</A></li>
        <LI>Next message: <A HREF="003433.html">[IRCServices] Question about TR-IRCD
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#3432">[ date ]</a>
              <a href="thread.html#3432">[ thread ]</a>
              <a href="subject.html#3432">[ subject ]</a>
              <a href="author.html#3432">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>So no way to fix this? it's an effective way to steal a channels key if the channel is not regularly used...
how about an option to put a pseudoclient into channels to hold their mode locks?

Right now we're just advising our users avoid keys and stick to +i and access lists as it is much more secure.

&gt;<i>On Friday, Dec 27, 2002, at 18:25 US/Pacific, Craig Edwards wrote:
</I>&gt;<i>
</I>&gt;&gt;<i> We've just discovered a bug in ircservices 5.0.6 where a channel can
</I>&gt;&gt;<i> be joined which has a key modelocked, and not only does it allow the
</I>&gt;&gt;<i> client to enter, it also shows them the key, if the room is empty.
</I>&gt;&gt;<i> In the following test, the channel is registered with the mode lock
</I>&gt;&gt;<i> &quot;+ntk mykey&quot;, and is empty. Guest2088478498 is not on any access
</I>&gt;&gt;<i> lists for the channel.
</I>&gt;&gt;<i>
</I>&gt;&gt;<i> *** services.chatspike.net changes topic to '(ChanServ)'
</I>&gt;&gt;<i> *** ChanServ sets mode: +ntrk-o mykey Guest2088478498
</I>&gt;<i>
</I>&gt;&gt;<i> A little discussion led us to think that a good fix for this would
</I>&gt;&gt;<i> be to treat keyed channels in the same way as +O channels, unless
</I>&gt;&gt;<i> the correct key is supplied in the JOIN raw, if +k is mode locked,
</I>&gt;&gt;<i> kick out the user before the locked modes and topic are set by
</I>&gt;&gt;<i> chanserv/services.*
</I>&gt;<i>
</I>&gt;<i>The key in the join command is not passed to other servers, so
</I>&gt;<i>services would never receive it.
</I>&gt;<i>
</I>&gt;<i>-- Quension
</I>&gt;<i>
</I>&gt;<i>------------------------------------------------------------------
</I>&gt;<i>To unsubscribe or change your subscription options, visit:
</I>&gt;<i><A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices</A>
</I>


</PRE>

<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
        <LI>Previous message: <A HREF="003427.html">[IRCServices] mailing list issues
</A></li>
        <LI>Next message: <A HREF="003433.html">[IRCServices] Question about TR-IRCD
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#3432">[ date ]</a>
              <a href="thread.html#3432">[ thread ]</a>
              <a href="subject.html#3432">[ subject ]</a>
              <a href="author.html#3432">[ author ]</a>
         </LI>
       </UL>

</body></html>