regular user can check module wihtout be an oper

These are old archives. They are kept for historic purposes only.
Post Reply
narrakka
Posts: 2
Joined: Tue Jul 06, 2004 3:00 pm
Location: malaysia
Contact:

regular user can check module wihtout be an oper

Post by narrakka » Sat Dec 04, 2004 8:46 am

hello..
can someone please describe about this matter. Is it can give harm to server or not when regular user can look up all the modules that been load in IRCD with command just simple command /module. All module can be seen without
login as an oper.

DeadNotBuried
Posts: 44
Joined: Wed Mar 10, 2004 5:30 am
Location: irc.majestic-liaisons.com
Contact:

Post by DeadNotBuried » Sat Dec 04, 2004 10:20 am

thats how the command works by design, EVERYONE can use it to see what modules have been loaded.
Majestic Liaisons Adult Chat - [url=irc://irc.majestic-liaisons.com:6667]IRC[/url] , Java

codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States
Contact:

Post by codemastr » Sat Dec 04, 2004 5:17 pm

The purpose of this is to prevent you from loading spy modules and not allowing the users to know about it.
-- codemastr

narrakka
Posts: 2
Joined: Tue Jul 06, 2004 3:00 pm
Location: malaysia
Contact:

Post by narrakka » Wed Dec 08, 2004 6:16 am

so thats mean there is no harm for ircd when regular user can see what type of module that been loaded.

aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight » Wed Dec 08, 2004 6:47 pm

It's also good so that users can know what extensions your ircd supports (for example, if I wanted to be able to just set the PrivDeaf (+D) mode, I'd need to first check if the privdeaf module is loaded, and if not, resort to /silence * :P ). Some might say it's better to publicize this information somewhere like the MOTD (yeah right) or a public website (perhaps an httpd just running on the same machine?), but /module works just fine :) .

By the way, the extra info (like the author and module version) is only visible to ircops. Normal users see only the name and description.

medice
Posts: 42
Joined: Fri Jul 09, 2004 11:02 pm

Post by medice » Thu Dec 09, 2004 10:19 am

the only harm i can imagine is a buggy module which includes exploits etc. (i don't any - but this does not mean, that there aren't any...)
but its in the server-admins responsibility to check the security risks of his software imo...
greets
/medice

Post Reply