m_soper will crash the Unreal3.2.8.1

These are old archives. They are kept for historic purposes only.
Post Reply
Han`
Posts: 5
Joined: Sun Aug 05, 2007 8:50 pm

m_soper will crash the Unreal3.2.8.1

Post by Han` »

When you dont set the optional settings of m_soper , m_soper will crash the server
when an Oper connect

Greets Han`
Casper
Posts: 338
Joined: Sun Jul 08, 2007 7:44 am
Location: The Netherlands

Re: m_soper will crash the Unreal3.2.8.1

Post by Casper »

Just set the optional settings then ;)

People will just find out when they load the module to their testserver =]
Ex Network-Administrator
katsklaw
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: m_soper will crash the Unreal3.2.8.1

Post by katsklaw »

Users shouldn't be forced to use optional settings to prevent a crash. That's just bad advice. :roll:

Han` my advice is to try to contact the author about the problem. In the mean time I'll look into it to see if I can replicate/fix it.
katsklaw
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: m_soper will crash the Unreal3.2.8.1

Post by katsklaw »

UPDATE: I'm unable to duplicate this issue.
Han`
Posts: 5
Joined: Sun Aug 05, 2007 8:50 pm

Re: m_soper will crash the Unreal3.2.8.1

Post by Han` »

katsklaw wrote:Users shouldn't be forced to use optional settings to prevent a crash. That's just bad advice. :roll:
Han` my advice is to try to contact the author about the problem. In the mean time I'll look into it to see if I can replicate/fix it.
yeah true, but cloud is not reachable.
Information

The requested user does not exist.

I can show you the crash on my testnet, when you will

Greets Han`
katsklaw
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: m_soper will crash the Unreal3.2.8.1

Post by katsklaw »

seeing it from your testnet just disconnects me and gives me no information that is useful in troubleshooting.

try a GDB backtrace and paste it to a pastebin and give me the link and that might give me someplace to start.
Han`
Posts: 5
Joined: Sun Aug 05, 2007 8:50 pm

Re: m_soper will crash the Unreal3.2.8.1

Post by Han` »

here the gdb backtrace

Code: Select all

/* Check for secure connection */
if ((operexempt[0] != '\0') && !(sptr->umodes & UMODE_SECURE)) {
changed in

Code: Select all

if ((operexempt && (operexempt[0] != '\0')) && !(sptr->umodes & UMODE_SECURE)) {
problem solved
thx to DukePyrolator

Greets Han`
katsklaw
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: m_soper will crash the Unreal3.2.8.1

Post by katsklaw »

lol, I actually noticed that .. but didn't have the time to change it and test.

Glad you got it working.

ciao
ohnobinki
UnrealIRCd coder
Posts: 6
Joined: Mon Aug 03, 2009 1:54 am
Location: Middle Earth
Contact:

Re: m_soper on Unreal3.2.8.1

Post by ohnobinki »

Han` wrote:here the gdb backtrace

Code: Select all

/* Check for secure connection */
if ((operexempt[0] != '\0') && !(sptr->umodes & UMODE_SECURE)) {
changed in

Code: Select all

if ((operexempt && (operexempt[0] != '\0')) && !(sptr->umodes & UMODE_SECURE)) {
problem solved
thx to DukePyrolator
Actually, this aggravates the problem. If you require operexempt to be set to _something_ and to have strlen(operexempt) > 0 before checking if the mode is secure, you're skipping the SSL check altogether.

I have attacked this module and the results are at http://ohnopub.net/hg/unrealircd-module ... /m_soper.c . Any feedback on my changes or the module in general would be very much appreciated. If people are willing to give me positive feedback, I'll see if I can get syzop to put this into the ``official'' modules list (and thus replace the nonworking version ;-) ).
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: m_soper will crash the Unreal3.2.8.1

Post by Stealth »

If you want opers to be required to use SSL, why don't you take your security one step further and require them to log in with SSL certificate authentication. It isn't too hard to set up, and requires no additional modules.

There are instructions here: http://forums.unrealircd.com/viewtopic.php?f=3&t=4181

My $0.02
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: m_soper will crash the Unreal3.2.8.1

Post by Jobe »

I'll second the sslclientcert option as the better sollution. In part because it comes as part of UnrealIRCd's core without the need for modules, and secondly because it doesnt compromise the oper password if the oper tries to /oper without using SSL (which the m_soper module cannot prevent)
Your IP: Image
Your Country: Image
katsklaw
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: m_soper will crash the Unreal3.2.8.1

Post by katsklaw »

IIRC, not all clients support this method of securing oper status.

Other things that CAN be done though that work on all or nearly all clients is/are:
1> *not* using plain text passwords in the config file.
2> Make it net policy that all opers use an ssl client port, take punitive action on those that don't ie remove their oper status.
3> insure all servers are connected via ssl (which should be a higher priority than ssl oper anyway for the paranoid) [this doesn't affect opering directly, but is a good security measure]
4> Use good passwords ie 546745ghrtHDF instead of JoeBob or myLeetpasswd
5> Require frequent password changes (every 60days or so)
6> Use oper names other than the users nick ie JoeOper has to type: /oper JoePenguins 365DFGHdfgh56fdg to oper up.
7> don't use *@* as oper hosts, use a stricter hostmask, trust me it does wonders. *pointing at a specific UnderNet blunder*

Security can be heightened just by adding more human element and less automation (read stop being so lazy). Simply being smarter about security will add a layer of security no module can provide.
Jobe
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Re: m_soper will crash the Unreal3.2.8.1

Post by Jobe »

katsklaw wrote:IIRC, not all clients support this method of securing oper status.
For those that don't stunnel is a viable option. I used stunnel for years with xchat before I found out how to use SSL client certs in xchat.
Your IP: Image
Your Country: Image
Post Reply