Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: Chanserv op bug  (Read 5024 times)

0 Members and 1 Guest are viewing this topic.

StonedOne

  • Guest
Chanserv op bug
« on: July 19, 2007, 11:50:44 PM »

Greetings tech-gurus,
   I think my network has stumbled into a unique bug.

If you have a channel setup, and you have voices setup, default level 3 (+v), they can obtain ops WITHOUT being an op.

This is how:
1) The join the channel. (they do NOT identify)
2) They then IDENTIFY, at which time chanserv +v voices them.
3) They then type /cs op, and viola! it OPS them. They are NOT on the op access llist, but they ARE on a voice.

I have XOP disabled. This seems to work on ANY channel where you have a voice +v on the access list.

I've upgraded to anope 1.6.5 (from 1.6.4) thinking a code fix might have been applied. no suck luck.

Is there a patch to fix this? Its obviously a security breach of sorts. I've enabled SECUREOPS on all channels to stop it for now, but in some cases, they can STILL get ops even with that on which is very perplexing to me.

Please advise.

Kindly,
Stoney
Starfleet Network
Logged

StonedOne

  • Guest
Chanserv op bug?
« Reply #1 on: July 20, 2007, 02:40:01 PM »

Ok, after further investigation, I discovered the problem.

This particular founder had changed the levels for the channel, had op level set at 100, voice level at 50, but forgot to change the Opdeopme directive, it was still 5. Hence, voices, at level 50, could op. DUH. Sorry about that.
Logged
Pages: [1]   Go Up