m_soper will crash the Unreal3.2.8.1
m_soper will crash the Unreal3.2.8.1
When you dont set the optional settings of m_soper , m_soper will crash the server
when an Oper connect
Greets Han`
when an Oper connect
Greets Han`
Re: m_soper will crash the Unreal3.2.8.1
Just set the optional settings then
People will just find out when they load the module to their testserver =]
People will just find out when they load the module to their testserver =]
Ex Network-Administrator
Re: m_soper will crash the Unreal3.2.8.1
Users shouldn't be forced to use optional settings to prevent a crash. That's just bad advice.
Han` my advice is to try to contact the author about the problem. In the mean time I'll look into it to see if I can replicate/fix it.
Han` my advice is to try to contact the author about the problem. In the mean time I'll look into it to see if I can replicate/fix it.
Re: m_soper will crash the Unreal3.2.8.1
UPDATE: I'm unable to duplicate this issue.
Re: m_soper will crash the Unreal3.2.8.1
yeah true, but cloud is not reachable.katsklaw wrote:Users shouldn't be forced to use optional settings to prevent a crash. That's just bad advice.
Han` my advice is to try to contact the author about the problem. In the mean time I'll look into it to see if I can replicate/fix it.
Information
The requested user does not exist.
I can show you the crash on my testnet, when you will
Greets Han`
Re: m_soper will crash the Unreal3.2.8.1
here the gdb backtrace
changed in
problem solved
thx to DukePyrolator
Greets Han`
Code: Select all
/* Check for secure connection */
if ((operexempt[0] != '\0') && !(sptr->umodes & UMODE_SECURE)) {
Code: Select all
if ((operexempt && (operexempt[0] != '\0')) && !(sptr->umodes & UMODE_SECURE)) {
thx to DukePyrolator
Greets Han`
Re: m_soper will crash the Unreal3.2.8.1
lol, I actually noticed that .. but didn't have the time to change it and test.
Glad you got it working.
ciao
Glad you got it working.
ciao
-
- UnrealIRCd coder
- Posts: 6
- Joined: Mon Aug 03, 2009 1:54 am
- Location: Middle Earth
- Contact:
Re: m_soper on Unreal3.2.8.1
Actually, this aggravates the problem. If you require operexempt to be set to _something_ and to have strlen(operexempt) > 0 before checking if the mode is secure, you're skipping the SSL check altogether.Han` wrote:here the gdb backtrace
changed inCode: Select all
/* Check for secure connection */ if ((operexempt[0] != '\0') && !(sptr->umodes & UMODE_SECURE)) {
problem solvedCode: Select all
if ((operexempt && (operexempt[0] != '\0')) && !(sptr->umodes & UMODE_SECURE)) {
thx to DukePyrolator
I have attacked this module and the results are at http://ohnopub.net/hg/unrealircd-module ... /m_soper.c . Any feedback on my changes or the module in general would be very much appreciated. If people are willing to give me positive feedback, I'll see if I can get syzop to put this into the ``official'' modules list (and thus replace the nonworking version ).
-
- Head of Support
- Posts: 2086
- Joined: Tue Jun 15, 2004 8:50 pm
- Location: Chino Hills, CA, US
- Contact:
Re: m_soper will crash the Unreal3.2.8.1
If you want opers to be required to use SSL, why don't you take your security one step further and require them to log in with SSL certificate authentication. It isn't too hard to set up, and requires no additional modules.
There are instructions here: http://forums.unrealircd.com/viewtopic.php?f=3&t=4181
My $0.02
There are instructions here: http://forums.unrealircd.com/viewtopic.php?f=3&t=4181
My $0.02
Re: m_soper will crash the Unreal3.2.8.1
I'll second the sslclientcert option as the better sollution. In part because it comes as part of UnrealIRCd's core without the need for modules, and secondly because it doesnt compromise the oper password if the oper tries to /oper without using SSL (which the m_soper module cannot prevent)
Your IP:
Your Country:
Your Country:
Re: m_soper will crash the Unreal3.2.8.1
IIRC, not all clients support this method of securing oper status.
Other things that CAN be done though that work on all or nearly all clients is/are:
1> *not* using plain text passwords in the config file.
2> Make it net policy that all opers use an ssl client port, take punitive action on those that don't ie remove their oper status.
3> insure all servers are connected via ssl (which should be a higher priority than ssl oper anyway for the paranoid) [this doesn't affect opering directly, but is a good security measure]
4> Use good passwords ie 546745ghrtHDF instead of JoeBob or myLeetpasswd
5> Require frequent password changes (every 60days or so)
6> Use oper names other than the users nick ie JoeOper has to type: /oper JoePenguins 365DFGHdfgh56fdg to oper up.
7> don't use *@* as oper hosts, use a stricter hostmask, trust me it does wonders. *pointing at a specific UnderNet blunder*
Security can be heightened just by adding more human element and less automation (read stop being so lazy). Simply being smarter about security will add a layer of security no module can provide.
Other things that CAN be done though that work on all or nearly all clients is/are:
1> *not* using plain text passwords in the config file.
2> Make it net policy that all opers use an ssl client port, take punitive action on those that don't ie remove their oper status.
3> insure all servers are connected via ssl (which should be a higher priority than ssl oper anyway for the paranoid) [this doesn't affect opering directly, but is a good security measure]
4> Use good passwords ie 546745ghrtHDF instead of JoeBob or myLeetpasswd
5> Require frequent password changes (every 60days or so)
6> Use oper names other than the users nick ie JoeOper has to type: /oper JoePenguins 365DFGHdfgh56fdg to oper up.
7> don't use *@* as oper hosts, use a stricter hostmask, trust me it does wonders. *pointing at a specific UnderNet blunder*
Security can be heightened just by adding more human element and less automation (read stop being so lazy). Simply being smarter about security will add a layer of security no module can provide.
Configuration - https://www.unrealircd.org/docs/Configuration
FAQ - https://www.unrealircd.org/docs/FAQ
FAQ - https://www.unrealircd.org/docs/FAQ
Re: m_soper will crash the Unreal3.2.8.1
For those that don't stunnel is a viable option. I used stunnel for years with xchat before I found out how to use SSL client certs in xchat.katsklaw wrote:IIRC, not all clients support this method of securing oper status.
Your IP:
Your Country:
Your Country: