regular user can check module wihtout be an oper

narrakka · Post by **narrakka** » Sat Dec 04, 2004 8:46 am

hello..
can someone please describe about this matter. Is it can give harm to server or not when regular user can look up all the modules that been load in IRCD with command just simple command /module. All module can be seen without
login as an oper.

DeadNotBuried · Post by **DeadNotBuried** » Sat Dec 04, 2004 10:20 am

thats how the command works by design, EVERYONE can use it to see what modules have been loaded.

codemastr · Post by **codemastr** » Sat Dec 04, 2004 5:17 pm

The purpose of this is to prevent you from loading spy modules and not allowing the users to know about it.

narrakka · Post by **narrakka** » Wed Dec 08, 2004 6:16 am

so thats mean there is no harm for ircd when regular user can see what type of module that been loaded.

aquanight · Post by **aquanight** » Wed Dec 08, 2004 6:47 pm

It's also good so that users can know what extensions your ircd supports (for example, if I wanted to be able to just set the PrivDeaf (+D) mode, I'd need to first check if the privdeaf module is loaded, and if not, resort to /silence *

). Some might say it's better to publicize this information somewhere like the MOTD (yeah right) or a public website (perhaps an httpd just running on the same machine?), but /module works just fine

.

By the way, the extra info (like the author and module version) is only visible to ircops. Normal users see only the name and description.

medice · Post by **medice** » Thu Dec 09, 2004 10:19 am

the only harm i can imagine is a buggy module which includes exploits etc. (i don't any - but this does not mean, that there aren't any...)
but its in the server-admins responsibility to check the security risks of his software imo...