Anope IRC Services
Anope Development => Feature Requests => Topic started by: MeiR on July 31, 2009, 02:14:51 AM
-
I've encountered an issue when I tried to restrict modes from ircd (set::restrict-channelmodes in unreal).
After I set some modes there, users can easily remove/add them with "/cs set #chan mlock +/-MODES" (removing can also be done with "/cs clear").
So I thought it'd be useful if modes could be restricted in Anope's conf too, and not be usable through these two methods.
(wishing to get to the day when ircd can supply this information to services. *communication* '-')
-
I'm bumping this thread, since I consider the issue a kind of security lack.
Services shouldn't give users the ability to bypass ircd limitations.
Can someone please state his opinion, at least?
Thanks in advance :)
-
Anope has no way of knowing that users aren't allowed to unset modes. As you have stated, the ircd and services do not communicate that type of thing. So essentially you've already explained why this happens.
As far as Anope restricting mode changes, that can be done with a module. Check the modules site to see if someone has written one already.
-
I *know* Anope can't know about ircd restrictions!
I meant in my request that there'd be a separate restriction through Anope, controlling which modes can't be mlocked.
Some conf directive like "CSRestrictMlock" would be useful for that...
-
Can you explain a bit more about what modes exactly you're talking about? I am reading this as a huge functionality kill for users unless there is justification.
-
Since set::restrict-channelmodes can restrict any and all modes, I'd assume that for the sake of everyone that having the ability to restrict any or all modes would be the only correct answer.
-
Chaz, if you restrict any mode through ircd (let's say +G), the services server, which is u:lined of course, will be able to remove it.
So any channel owner can simply do "/cs set #chan mlock -G" or "/cs clear #chan modes", and bypass the restriction this way, once the services server sends the "-G" raw mode.
He can even set mlock off again after the removal.
I assume that if a network owner restricts a mode through ircd, it should be restricted from services too, and that won't be considered a functionality kill.
Therefore, I suggest a config directive named "CSRestrictMlock" (or "CSRestrictMlockClear"/"CSRestrictModes") which will provide a restriction from Anope's side.
There's the known mlock notice: "Mode r ignored because you can't lock it", so I guess that some part of the method is already implemented.
-
Thank you for the explanation, it makes more sense now.
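-
Added example, not part of the original thread and not Anope's own code: a stand-alone C sketch of the check the proposed "CSRestrictMlock" directive would perform, dropping restricted modes from an mlock request before services send any mode change. The function name `filter_mlock`, the `restricted_modes` value and the limitation to mode letters without parameters are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical value of the proposed "CSRestrictMlock" directive. */
static const char *restricted_modes = "G";

/* Copy an mlock request such as "+nt-G" into out, dropping every change
 * (set or unset) that touches a restricted mode. Dropped letters are
 * collected in rejected so the user can be told which were ignored.
 * Only mode letters are handled; parsing stops at the first space.
 * Returns the number of dropped changes, or -1 if a buffer is too small. */
int filter_mlock(const char *req, const char *restricted,
                 char *out, size_t outlen, char *rejected, size_t rejlen)
{
    char sign = '+', last = 0;
    size_t o = 0, r = 0;
    int dropped = 0;

    if (outlen == 0 || rejlen == 0)
        return -1;
    for (; *req && *req != ' '; req++) {
        if (*req == '+' || *req == '-') {
            sign = *req;
            continue;
        }
        if (strchr(restricted, *req)) {      /* restricted: never pass on */
            if (r + 1 < rejlen)
                rejected[r++] = *req;
            dropped++;
            continue;
        }
        if (o + 3 > outlen)                  /* sign + letter + NUL */
            return -1;
        if (sign != last)                    /* emit sign only on change */
            out[o++] = last = sign;
        out[o++] = *req;
    }
    out[o] = '\0';
    rejected[r] = '\0';
    return dropped;
}

int main(void)
{
    char out[32], rej[32];
    int n = filter_mlock("+nt-G", restricted_modes, out, sizeof out, rej, sizeof rej);
    printf("apply \"%s\", ignored %d restricted mode(s): %s\n", out, n, rej);
    return 0;
}
```

The same filter would have to run on the list of modes a "/cs clear #chan modes" removes, since the thread names both paths as ways around the ircd restriction.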