Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: Module list [or part of it] visible to all users  (Read 5196 times)

0 Members and 1 Guest are viewing this topic.

MeiR

  • Anope User
  • Offline Offline
  • Posts: 49
Module list [or part of it] visible to all users
« on: August 11, 2009, 10:32:41 PM »

Loaded modules should be a secret? In IRCD they never was.
I can understand that sometimes [rarely] one or two modules shouldn't be visible 'cause of security reasons, but mainly it can be the best way for a user to get informed about which modules there are, and what additional features he can use. [especially when not all module authors remember to add a help section]
There can be a #define HIDDEN "1" line for modules that shouldn't be seen.
btw i really don't know which service will provide the modlist, since OperServ is restricted to opers ^^

I'm not sure that u all will agree with the idea, but I do think it should be considered and discussed.
Logged

Trystan Scott Lee

  • Contributor
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 343
Re: Module list [or part of it] visible to all users
« Reply #1 on: August 12, 2009, 02:45:20 PM »

This would need to be something stored in the module struct up in the core, defines in the mod itself will do nothing. If this is done will have to be more like

moduleSetHidden(MOD_HIDDEN);

personally see more harm then good if this gets in there, especially if there ever becomes a known exploit to a module, a hacker could check the list and get details to prepare their attack. But that is just me and remembering when NeoStats was exploited and hackers would come on version them and know if they were exploitable.
Logged
my God my tourniquet, return to me salvation

Naram Qashat

  • Team
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 192
    • CBX's Sprite Animations
Re: Module list [or part of it] visible to all users
« Reply #2 on: August 12, 2009, 06:21:20 PM »

Answer me this: what Service, if not OperServ, would you propose to move the modlist to?  It makes no sense to put it on NickServ, ChanServ, MemoServ, BotServ, or HostServ, leaving only OperServ.  OperServ can be configured to be accessible to all (which, in my opinion, defeats the purpose of it being called OperServ) or configured to be accessible to opers only.  So at the moment, the only way to deny access to the modlist is to make OperServ for opers only.  I'm of the opinion that the list of modules shouldn't be accessible to everyone, because (going with what trystan said) it can prevent people from using exploits on 3rd-party modules.
Logged

Darth Panda

  • Anope User
  • Offline Offline
  • Posts: 33
    • Cheap Software
Re: Module list [or part of it] visible to all users
« Reply #3 on: August 15, 2009, 03:16:44 PM »

Since well written modules will add themselves to the help system, I see no reason to expose the list to non-opers either. Granted not all authors add their commands, however, that's not Anope's fault. Authors should be politely coerced to add their commands to the correct help system.

All users need to see is the commands available to them, not which module provides the command.
« Last Edit: August 15, 2009, 03:20:31 PM by Darth Panda »
Logged
Some things just don't need to be fixed.
Less is usually more.
One meets his destiny often on the road he takes to avoid it.
Pages: [1]   Go Up