1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 3.2//EN">
4 <TITLE> [IRCServices] Bug in mode locked keys in
5.0.6
6 <LINK REL=
"Index" HREF=
"index.html" >
7 <LINK REL=
"made" HREF=
"mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To=">
8 <META NAME=
"robots" CONTENT=
"index,nofollow">
9 <META http-equiv=
"Content-Type" content=
"text/html; charset=us-ascii">
10 <LINK REL=
"Previous" HREF=
"003427.html">
11 <LINK REL=
"Next" HREF=
"003433.html">
13 <BODY BGCOLOR=
"#ffffff">
14 <H1>[IRCServices] Bug in mode locked keys in
5.0.6</H1>
16 <A HREF=
"mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20Bug%20in%20mode%20locked%20keys%20in%205.0.6&In-Reply-To="
17 TITLE=
"[IRCServices] Bug in mode locked keys in 5.0.6">brain at brainbox.winbot.co.uk
19 <I>Tue Dec
31 23:
23:
00 PST
2002</I>
21 <LI>Previous message:
<A HREF=
"003427.html">[IRCServices] mailing list issues
23 <LI>Next message:
<A HREF=
"003433.html">[IRCServices] Question about TR-IRCD
25 <LI> <B>Messages sorted by:
</B>
26 <a href=
"date.html#3432">[ date ]
</a>
27 <a href=
"thread.html#3432">[ thread ]
</a>
28 <a href=
"subject.html#3432">[ subject ]
</a>
29 <a href=
"author.html#3432">[ author ]
</a>
34 <PRE>So no way to fix this? it's an effective way to steal a channels key if the channel is not regularly used...
35 how about an option to put a pseudoclient into channels to hold their mode locks?
37 Right now we're just advising our users avoid keys and stick to +i and access lists as it is much more secure.
39 ><i>On Friday, Dec
27,
2002, at
18:
25 US/Pacific, Craig Edwards wrote:
41 </I>>><i> We've just discovered a bug in ircservices
5.0.6 where a channel can
42 </I>>><i> be joined which has a key modelocked, and not only does it allow the
43 </I>>><i> client to enter, it also shows them the key, if the room is empty.
44 </I>>><i> In the following test, the channel is registered with the mode lock
45 </I>>><i> "+ntk mykey
", and is empty. Guest2088478498 is not on any access
46 </I>>><i> lists for the channel.
48 </I>>><i> *** services.chatspike.net changes topic to '(ChanServ)'
49 </I>>><i> *** ChanServ sets mode: +ntrk-o mykey Guest2088478498
51 </I>>><i> A little discussion led us to think that a good fix for this would
52 </I>>><i> be to treat keyed channels in the same way as +O channels, unless
53 </I>>><i> the correct key is supplied in the JOIN raw, if +k is mode locked,
54 </I>>><i> kick out the user before the locked modes and topic are set by
55 </I>>><i> chanserv/services.*
57 </I>><i>The key in the join command is not passed to other servers, so
58 </I>><i>services would never receive it.
60 </I>><i>-- Quension
62 </I>><i>------------------------------------------------------------------
63 </I>><i>To unsubscribe or change your subscription options, visit:
64 </I>><i><A HREF=
"http://www.ircservices.za.net/mailman/listinfo/ircservices">http://www.ircservices.za.net/mailman/listinfo/ircservices
</A>
74 <LI>Previous message:
<A HREF=
"003427.html">[IRCServices] mailing list issues
76 <LI>Next message:
<A HREF=
"003433.html">[IRCServices] Question about TR-IRCD
78 <LI> <B>Messages sorted by:
</B>
79 <a href=
"date.html#3432">[ date ]
</a>
80 <a href=
"thread.html#3432">[ thread ]
</a>
81 <a href=
"subject.html#3432">[ subject ]
</a>
82 <a href=
"author.html#3432">[ author ]
</a>