View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001617 | Anope Stable (2.0.x series) | General | public | 2014-10-09 16:17 | 2014-10-09 23:46 |
| Reporter | alefburzmali | Assigned To | Robby | ||
| Priority | normal | Severity | major | Reproducibility | sometimes |
| Status | resolved | Resolution | fixed | ||
| Summary | 0001617: Default DEFCON settings do not require any permission | ||||
| Description | In operserv.example.conf, the operserv/defcon command is the only command definition to not require a corresponding permission to be executed. If the command is enabled without paying careful attention, anyone who can access OperServ can use the defcon command. The default configuration should set a "operserv/defcon" permission like every other OperServ commands. | ||||
| Additional Information | The command is disabled by default, so it must be enabled to be abused. Moreover, the "opersonly = yes" default setting restrict its access to opers only. However, anyone with an o:line and a registered nick can execute defcon, even if he is not a services oper. If opersonly is set to "no", any registered user can access it. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-10-09 16:17 | alefburzmali | New Issue | |
| 2014-10-09 23:40 | Robby | Note Added: 0006659 | |
| 2014-10-09 23:46 | Robby | Status | new => resolved |
| 2014-10-09 23:46 | Robby | Resolution | open => fixed |
| 2014-10-09 23:46 | Robby | Assigned To | => Robby |
