Message-ID: <200307082231.45576.rob@anope.org>
Date: Tue, 8 Jul 2003 22:31:39 +0100
From: Rob <rob@...pe.org>
To: bugtraq@...urityfocus.com
Subject: Re: Unrealircd & Anope services - join segmentation fault in operserv.c
On Tuesday 08 July 2003 8:14 am, Lethalman wrote:
> If an admin says this command: '/msg operserv raw :nickserv join #chan', NickServ joins that chan, ok.
>
> If the command was: '/msg operserv raw : join #chan', the ircd goes to SEGFAULT. Why?
*snip*
Anope's FAQ file (included with all .tar.gz's and on the CVS server) clearly
states:
30. When I used the OperServ RAW command, Anope and/or my network
crashed, or did weird things! Please fix this bug!
"That's not a bug, it's a feature."
Have you ever typed /msg OperServ HELP RAW? It's clearly stated
there that this command is dangerous and that its use may result
in very bad things.
And that's why this command has been disabled by default. If you
enabled and used it, YOU'RE ON YOUR OWN. All help requests will
be ignored, even if the problem happens not immediately.
And the example.conf file in both the Anope 1.4.x and 1.5.x series has the
following directive included by default:
# DisableRaw [RECOMMENDED]
#
# Disables the highly destructive OperServ RAW command.
DisableRaw
Even with this command enabled, its use is limited to services admins, who
need to be both /oper'ed with the ircd, and identified to services before
they can issue a command. On a side note, there is also a config option to
wallop the use of RAW to all other opers on the network, and its use is
always logged in the log files.
This "issue" can only be issued after a server has successfully connected to a
network - passing all the authentication checks in the ircd - in this case
Unreal - as such, it is not completely unreasonable for the ircd to assume it
can "trust" the format of the messages, as user input is identified in the
messages, as laid out in the RFC.
I don't really see a big problem in ircds saving some processing power by
trusting messages from an already authenticated server.
As for the solutions offered, it's highly unlikely Anope will be filtering RAW
commands; the whole point of them is to send a raw, unfiltered message
directly to the ircd. We already make it close to impossible for someone to
have RAW enabled and not know it could be destructive...
p.s. - if you had contacted Anope at all before posting this, we could have
told you this, and saved you the trouble of posting at all. Still,
notifying developers at all before a public announcement must be out of
fashion this season or something ;-)
--
Rob - Anope developer
irc.anope.org #anope
GnuPG key: 1024D/309586CA
Fingerprint: 952A 4EB9 CC81 F30A 35CF D473 BF12 FD80 3095 86CA
Key available at http://pgp.mit.edu
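The thread above turns on what a linked server does with a line whose ':' prefix has nothing after it. The parser below is an added illustration, not Unreal's or Anope's own code: it assumes the ircd receives the raw line as typed (": join #chan") and shows the prefix being validated and the line rejected, instead of the format being trusted. Struct and function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define MAXPARAMS 15

/* Hypothetical parsed-message record (not Unreal's or Anope's own). */
struct ircmsg {
    char prefix[64];          /* source after ':', empty if none given */
    char command[32];
    int nparams;
    char *params[MAXPARAMS];  /* point into buf */
    char buf[512];
};

/* Parse one server-to-server line. Returns 0 on success, -1 on malformed
 * input. A leading ':' must be followed by a non-empty source name and a
 * command must follow it; both conditions are checked, not assumed. */
int irc_parse(const char *line, struct ircmsg *m)
{
    memset(m, 0, sizeof *m);
    if (!line || strlen(line) >= sizeof m->buf) return -1;
    strcpy(m->buf, line);
    char *p = m->buf;
    if (*p == ':') {
        p++;
        char *end = strchr(p, ' ');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        /* ": join #chan" from the thread has len == 0 and stops here */
        if (len == 0 || len >= sizeof m->prefix) return -1;
        memcpy(m->prefix, p, len); m->prefix[len] = '\0';
        if (!end) return -1;       /* prefix but no command */
        p = end + 1;
    }
    while (*p == ' ') p++;
    if (*p == '\0') return -1;     /* no command at all */
    char *end = strchr(p, ' ');
    size_t len = end ? (size_t)(end - p) : strlen(p);
    if (len >= sizeof m->command) return -1;
    memcpy(m->command, p, len); m->command[len] = '\0';
    p = end ? end + 1 : p + len;
    while (*p && m->nparams < MAXPARAMS) {
        while (*p == ' ') p++;
        if (*p == '\0') break;
        if (*p == ':') { m->params[m->nparams++] = p + 1; break; } /* trailing */
        m->params[m->nparams++] = p;
        char *sp = strchr(p, ' ');
        if (!sp) break;
        *sp = '\0';
        p = sp + 1;
    }
    return 0;
}
```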