Anope IRC Services
Anope Support => 1.6.x (Read Only) => Topic started by: StonedOne on July 19, 2007, 11:50:44 PM
-
Greetings tech-gurus,
I think my network has stumbled into a unique bug.
If you have a channel setup, and you have voices setup, default level 3 (+v), they can obtain ops WITHOUT being an op.
This is how:
1) The join the channel. (they do NOT identify)
2) They then IDENTIFY, at which time chanserv +v voices them.
3) They then type /cs op, and viola! it OPS them. They are NOT on the op access llist, but they ARE on a voice.
I have XOP disabled. This seems to work on ANY channel where you have a voice +v on the access list.
I've upgraded to anope 1.6.5 (from 1.6.4) thinking a code fix might have been applied. no suck luck.
Is there a patch to fix this? Its obviously a security breach of sorts. I've enabled SECUREOPS on all channels to stop it for now, but in some cases, they can STILL get ops even with that on which is very perplexing to me.
Please advise.
Kindly,
Stoney
Starfleet Network
-
Ok, after further investigation, I discovered the problem.
This particular founder had changed the levels for the channel, had op level set at 100, voice level at 50, but forgot to change the Opdeopme directive, it was still 5. Hence, voices, at level 50, could op. DUH. Sorry about that.