#11 auto-op too general

closed-wont-fix
nobody
5
2001-05-02
2001-05-02
No

The auto-op system with regex is way too open. When somebody joins, it checks first the username and host, and then _only_ the host. The host regexp must be kept pretty open for people with dynamic IPs (for example, my host name is ~per@adsl-33451.turboline.skynet.be, and I'm sure that'll change on my next logon).

So, when checking those regexes, the system is kept open to anyone joining from the same ISP as me. For example, I use the regex .*@.*\.turboline\.skynet\.be, so anyone using Skynet's ADSL service would be auto-opped.

Furthermore, the same type of checking is not done in the on_prinvmsg() method, there it only checks the username _and_ host match.

So, my suggestion would be to remove this part in the on_join method(indenting may be wrong):

except KeyError:

#remove from here: -----
for ii in a2kconf.op.keys():
if a2kconf.op[ii].search(userhost):
self.ircobj.execute_delayed(a2kconf.opdelay,self.make_chanop,(connection,whonick))
# --- and to here

Discussion

  • Mark Cornick
    Mark Cornick
    2001-05-02

    • status: open --> closed-wont-fix
     
  • Mark Cornick
    Mark Cornick
    2001-05-02

    Logged In: YES
    user_id=247

    Development and support for A2K/Accutron 2000 has ended. The code
    is under GPL, so you are welcome to make any fixes and/or
    distribute your fixed version. However, no changes will be made
    here.

     
  • Logged In: YES
    user_id=115971

    This bug has been fixed in CVS. Checkout a copy if you want the fixed. It'll go into the next release of A2K.