Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: op escalation  (Read 3127 times)

0 Members and 1 Guest are viewing this topic.

lordcow

  • Anope User
  • Offline Offline
  • Posts: 18
op escalation
« on: May 28, 2013, 05:01:10 PM »
Hey guys, have just spotted that an unprivileged user can op themselves in any channel with /msg chanserv mode # set +o user. We're on commit f08dbced60d59de28d13efee2e19097e0b42f4c7
Logged

Adam

  • Team
  • *
  • Offline Offline
  • Posts: 463
Re: op escalation
« Reply #1 on: May 28, 2013, 06:47:40 PM »
Hi,

Are you still able to reproduce this on the latest git? I tried, and get:
-ChanServ- You do not have access to set mode o.

Also, this is the type of thing that should be posted on our bugtracker, located at http://bugs.anope.org.
If you are able to reproduce this on the latest git you should open a bug and include debug logs (with --support) of this, as well as /cs status for the user executing the command.

Thanks
Logged

lordcow

  • Anope User
  • Offline Offline
  • Posts: 18
Re: op escalation
« Reply #2 on: May 29, 2013, 03:44:33 PM »
Hey will do so next time. We couldn't reproduce the bug on an offline system with the same git version, configs, and .db. Restarted the live version and the issue disappeared. So something's wrong, but doubt we can help now.
Logged
Pages: [1]   Go Up
« previous next »