#7 encrypted znc.conf

closed
nobody
Engine (16)
5
2008-05-01
2006-03-27
kovenant
No

Add the possibility to encrypt znc.conf so that ircd
passwords for example are not visible in plaintext.

Discussion

  • Nobody/Anonymous

    Logged In: NO

    maybe using blowcrypt principle ?

    as example, the idea of keyx with master user to unlock the config file.

    bnc starts and waits for user to login, then a keyxchange takes place
    and it can load user modes and read channels + keys
    so if it starts up, it needs to have a keyxchange with the client
    then after that it can decrypt the config

    it should partially start enough to receive clients but not to join irc
    so that part would only be activated after the blowfish keyxchange
    and this can be done per client or if they preffer
    it can be linked to the master account when you start

    if the bnc service broke
    then you need admin intervention anyway to restart it
    so then you might as well do a new keyxchange

     
  • Nobody/Anonymous

    Logged In: NO

    like same way as psybnc, just the channel passwords are encrypted.
    on public/shared shells, it happens many times users been able to browse and read others users private folders.
    default setting allow them to do that. the user installing znc doesn't think of this and does not chmod his own dir , anybody can read znc.conf
    or at least changing znc.conf attribs after the "make install"

     
  • Psychon

    Psychon - 2008-05-01

    Logged In: YES
    user_id=1654410
    Originator: NO

    @first propsal:
    How do we bind to some port if we don't know which one because the config is encrypted? How does a user log in if we don't know any user names, password etc?

    @second:
    znc.conf is always created with mode 0600, ~/.znc is always 0700. So this means other users can't access anything in your datadir anyway (I just checked).

    And I don't really see much sense in doing this. The use/effort ratio is quite low. It still doesn't protect you from root modifing ZNC to dump all passwords and other's can't access anything anyway.

    Since nothing happened on this for 2 years and I don't think much will happen, I'll close this.

    psychon

     
  • Psychon

    Psychon - 2008-05-01
    • status: open --> closed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks