[srvx-bugs] [ srvx-Bugs-2924219 ] cmd_mdel_user might allow helpers more than it should
Brought to you by:
entrope
Menu
▾
▴
[srvx-bugs] [ srvx-Bugs-2924219 ] cmd_mdel_user might allow helpers more than it should
|
From: SourceForge.net <no...@so...> - 2009-12-31 16:45:58
|
Bugs item #2924219, was opened at 2009-12-31 17:45 Message generated for change (Tracker Item Submitted) made by zerofighte You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=403001&aid=2924219&group_id=31654 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: ChanServ Group: 1.4 Status: Open Resolution: None Priority: 5 Private: No Submitted By: ZeRoFiGhter (zerofighte) Assigned to: Zoot (zoot) Summary: cmd_mdel_user might allow helpers more than it should Initial Comment: Hi, in cmd_mdel_user you have this check: if((actor->access <= max_access) && !IsHelping(user)) this potentielly allows helpers to override in nodelete channels. As far as i see it is prevented by the default bindings and access restrictions, but we currently think to implement a more generic mdeluser command (additinal to mdelpeon etc.) where you can supply the range yourself. It should be fixed by removing the IsHelping check. actor->access already is Helper access by GetChannelUser if the user is allowed to override (with respect to nodelete), so this check is not needed. Szenario to test: use modcmd to allow usage of mdelcoowner with channel_access 300 use !mdelcoowner in a nodelete chan (while having 300 access and flag +g without nodelete opserv level) and it will work without that check it won't work. version: 1.4 latest git ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=403001&aid=2924219&group_id=31654 |
