Add the possibility to encrypt znc.conf so that ircd
passwords for example are not visible in plaintext.
Logged In: NO
maybe using blowcrypt principle ?
as example, the idea of keyx with master user to unlock the config file.
bnc starts and waits for user to login, then a keyxchange takes place
and it can load user modes and read channels + keys
so if it starts up, it needs to have a keyxchange with the client
then after that it can decrypt the config
it should partially start enough to receive clients but not to join irc
so that part would only be activated after the blowfish keyxchange
and this can be done per client or if they prefer
it can be linked to the master account when you start
if the bnc service broke
then you need admin intervention anyway to restart it
so then you might as well do a new keyxchange
like same way as psybnc, just the channel passwords are encrypted.
on public/shared shells, it happens many times that users have been able to browse and read other users' private folders.
default settings allow them to do that. the user installing znc doesn't think of this and does not chmod his own dir, anybody can read znc.conf
or at least changing znc.conf attribs after the "make install"
Logged In: YES
How do we bind to some port if we don't know which one because the config is encrypted? How does a user log in if we don't know any user names, password etc?
znc.conf is always created with mode 0600, ~/.znc is always 0700. So this means other users can't access anything in your datadir anyway (I just checked).
And I don't really see much sense in doing this. The use/effort ratio is quite low. It still doesn't protect you from root modifying ZNC to dump all passwords and others can't access anything anyway.
Since nothing happened on this for 2 years and I don't think much will happen, I'll close this.
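A way to verify the modes discussed above on a shared shell, as an added example that is not part of the original thread or of ZNC itself. The function name `audit_znc_datadir` is hypothetical, and the location of `znc.conf` (directly in the datadir or one directory below it) is an assumption.

```shell
# Audit a ZNC data directory against the modes quoted in the thread:
# 0700 for the datadir, 0600 for znc.conf.

# Print a path's permission bits in octal (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when any group or other permission bit is set in octal mode $1.
is_loose() {
    [ $(( 0$1 & 077 )) -ne 0 ]
}

# audit_znc_datadir [DIR]
# Prints one line per finding. Returns 0 if clean, 1 if anything is
# group/other accessible, 2 if DIR does not exist.
audit_znc_datadir() {
    dir="${1:-$HOME/.znc}"
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    m=$(mode_of "$dir")
    if is_loose "$m"; then
        echo "LOOSE dir $m $dir (expected 700)"
        bad=1
    fi

    # Assumed layout: znc.conf directly in the datadir or one level down
    # (for example configs/znc.conf).
    for f in "$dir"/znc.conf "$dir"/*/znc.conf; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if is_loose "$m"; then
            echo "LOOSE file $m $f (expected 600)"
            bad=1
        fi
    done
    return "$bad"
}
```

Source the file and run `audit_znc_datadir ~/.znc`; a non-zero return means the directory or config is reachable by other local accounts and should be tightened with `chmod`.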