View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001617||Anope Stable (2.0.x series)||General||public||2014-10-09 16:17||2014-10-09 23:46|
|Summary||0001617: Default DEFCON settings do not require any permission|
|Description||In operserv.example.conf, the operserv/defcon command is the only command definition to not require a corresponding permission to be executed. If the command is enabled without paying careful attention, anyone who can access OperServ can use the defcon command.|
The default configuration should set a "operserv/defcon" permission like every other OperServ commands.
|Additional Information||The command is disabled by default, so it must be enabled to be abused. Moreover, the "opersonly = yes" default setting restrict its access to opers only.|
However, anyone with an o:line and a registered nick can execute defcon, even if he is not a services oper. If opersonly is set to "no", any registered user can access it.
|Tags||No tags attached.|