Page 1 of 1
regular user can check module wihtout be an oper
Posted: Sat Dec 04, 2004 8:46 am
by narrakka
hello..
can someone please describe about this matter. Is it can give harm to server or not when regular user can look up all the modules that been load in IRCD with command just simple command /module. All module can be seen without
login as an oper.
Posted: Sat Dec 04, 2004 10:20 am
by DeadNotBuried
thats how the command works by design, EVERYONE can use it to see what modules have been loaded.
Posted: Sat Dec 04, 2004 5:17 pm
by codemastr
The purpose of this is to prevent you from loading spy modules and not allowing the users to know about it.
Posted: Wed Dec 08, 2004 6:16 am
by narrakka
so thats mean there is no harm for ircd when regular user can see what type of module that been loaded.
Posted: Wed Dec 08, 2004 6:47 pm
by aquanight
It's also good so that users can know what extensions your ircd supports (for example, if I wanted to be able to just set the PrivDeaf (+D) mode, I'd need to first check if the privdeaf module is loaded, and if not, resort to /silence *
). Some might say it's better to publicize this information somewhere like the MOTD (yeah right) or a public website (perhaps an httpd just running on the same machine?), but /module works just fine
.
By the way, the extra info (like the author and module version) is only visible to ircops. Normal users see only the name and description.
Posted: Thu Dec 09, 2004 10:19 am
by medice
the only harm i can imagine is a buggy module which includes exploits etc. (i don't any - but this does not mean, that there aren't any...)
but its in the server-admins responsibility to check the security risks of his software imo...