0001720: /cs mode does not check if the person executing it has permission to set a +L channel as redirect - Anope Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0001720	Anope Stable (2.0.x series)	General	public	2019-03-29 12:09	2019-03-29 12:09

Reporter	Koragg	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Platform	Linux/Unix	OS	Debian

Summary	0001720: /cs mode does not check if the person executing it has permission to set a +L channel as redirect
Description	When using /cs mode to set modes, the channel mode +L on InspIRCd and UnrealIRCd can be used to redirect people to a channel once a channel limit has been reached. The issue is, that /cs mode does not check whether the person using /cs mode to set +L has permission to set said redirect channel (the IRCd would check for ops on InspIRCd and owner on UnrealIRCd). This could be abused to set a very low channel limit and redirect join everyone to another channel (it respects join restrictive modes, but this is an issue for channels that want to in general allow everyone in).
Steps To Reproduce	1. Have a user be identified to his NickServ account and have his own channel # OR one where he has access to /cs mode hereby reffered to as #A 2. Have the user from 1. execute /cs mode #A set +L #B OR /cs mode #A lock add +L #B whereby this user has NO access in #B whatsoever 3. Observe how Anope (through the respective BotServ bot or, if non present, through ChanServ) sets +L #B even though this user has no ChanServ access in #B whatsoever (and also no (half)ops or higher status prefix)
Additional Information	This bug effects all IRCd's that have a +L channel mode for redirects on reachec channel limits and could possibly effect IRCd's with other forms of redirects as well, for example CharybdisIRCd with chanmode +f (this is untested though a distinct possibility unfortunately).
Tags	No tags attached.

Date Modified	Username	Field	Change
2019-03-29 12:09	Koragg	New Issue