Anope Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001617Anope Stable (2.0.x series)[All Projects] Generalpublic2014-10-09 16:172014-10-09 23:46
Reporteralefburzmali 
Assigned ToRobby 
PrioritynormalSeveritymajorReproducibilitysometimes
StatusresolvedResolutionfixed 
PlatformOSOS Version
Summary0001617: Default DEFCON settings do not require any permission
DescriptionIn operserv.example.conf, the operserv/defcon command is the only command definition to not require a corresponding permission to be executed. If the command is enabled without paying careful attention, anyone who can access OperServ can use the defcon command.

The default configuration should set a "operserv/defcon" permission like every other OperServ commands.
Additional InformationThe command is disabled by default, so it must be enabled to be abused. Moreover, the "opersonly = yes" default setting restrict its access to opers only.

However, anyone with an o:line and a registered nick can execute defcon, even if he is not a services oper. If opersonly is set to "no", any registered user can access it.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0006659)
Robby (manager)
2014-10-09 23:40

Thanks for reporting. Fixed in commit 0991d4e1998c5a87c8deb3f9460685eed0212160.

- Issue History
Date Modified Username Field Change
2014-10-09 16:17 alefburzmali New Issue
2014-10-09 23:40 Robby Note Added: 0006659
2014-10-09 23:46 Robby Status new => resolved
2014-10-09 23:46 Robby Resolution open => fixed
2014-10-09 23:46 Robby Assigned To => Robby


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker