Open-link network?

These are old archives. They are kept for historic purposes only.
Ridefisken

Post by Ridefisken »

I'm planning to start an "open-link" network, permitting anyone to link to our main hub.
The thing is that I don't want anyone but my own O:lines to become a global oper - that would result in chaos.
Is there any way I can make specific oper flags on my leaf nodes inaccessible?
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States

Post by codemastr »

No.
-- codemastr
aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight »

Whatever happened to link::options::quarantine (documented that "opers on the quarantined server maintain local oper status")? :/
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States

Post by codemastr »

Well, you see, there are always going to be ways around that. Those features rely on the servers "playing nice." Basically, something like HubA tells LeafA "please don't make any of your opers global." Now, if LeafA is a "bad" server, it can just ignore that request. Hence, there still needs to be a degree of trust.
-- codemastr
aquanight
Official supporter
Posts: 862
Joined: Tue Mar 09, 2004 10:47 pm
Location: Boise, ID

Post by aquanight »

I would think quarantine would be enforced "aggressively" (e.g., hub rejects MODE +o / KILL / TKL + G / operoverride / etc.)?
codemastr
Former UnrealIRCd head coder
Posts: 811
Joined: Sat Mar 06, 2004 8:47 pm
Location: United States

Post by codemastr »

Well yes, but there are some things you can still get around. Remember, oper flags are NOT sent to remote servers. So you can set operflags on yourself that remote servers won't have the ability to reject (they are only seen from the local server). Of course, you could also, again, use a "bad server" to cause problems. You tell me I can't kill remote users. So I make /skill which, instead of sending :me KILL someguy :bye sends :my.server.com KILL someguy :bye hence allowing it through (servers are always allowed to kill). You really can't provide complete safety this way.
-- codemastr
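
The limit described in the thread, as an added example that is not part of any post and is not UnrealIRCd code: a hub-side filter for a quarantined link can refuse the oper actions aquanight lists when they are sourced from a user, but a server-sourced KILL can only be recorded for review. The message syntax is simplified, the sample lines are constructed, and the dot-in-prefix test for "this is a server" is an assumption.

```python
# Added example, not UnrealIRCd code. Message syntax is simplified.

def parse(line):
    """Split ':prefix COMMAND params :trailing' into (prefix, command, params)."""
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if sep:
        parts.append(trailing)
    if not parts:
        raise ValueError("empty message")
    return prefix, parts[0].upper(), parts[1:]

def adds_oper(modes):
    """True if a mode string such as '+io-w' sets 'o'."""
    sign = "+"
    for ch in modes:
        if ch in "+-":
            sign = ch
        elif ch == "o" and sign == "+":
            return True
    return False

def classify(line):
    """Hub-side decision for one line received over a quarantined link."""
    prefix, cmd, params = parse(line)
    # Assumption: server names contain a dot, nicknames never do;
    # a line with no prefix comes from the linked server itself.
    from_server = prefix == "" or "." in prefix
    if cmd == "KILL":
        # A user-sourced KILL can be refused, but a server-sourced KILL is
        # always allowed, so the most the hub can do there is record it.
        return "audit" if from_server else "reject"
    if from_server:
        return "pass"
    if cmd == "TKL" and params[:2] == ["+", "G"]:
        return "reject"
    if cmd == "MODE" and len(params) >= 2 and not params[0].startswith("#"):
        return "reject" if adds_oper(params[1]) else "pass"
    return "pass"

# Constructed sample traffic from a hypothetical quarantined leaf.
SAMPLES = [":me KILL someguy :bye", ":my.server.com KILL someguy :bye",
           ":me MODE me +o", ":me MODE #chat +o friend",
           ":me TKL + G baduser example.invalid me 0 0 :constructed"]

def run():
    return [classify(s) for s in SAMPLES]
```

The "audit" result is the practical outcome of the thread: what the hub cannot refuse it can still log and alert on, and the link itself remains a trust decision.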