Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Services can't differentiate between /msg nick@server and /msg nick #319

Closed
attilamolnar opened this Issue · 5 comments

3 participants

@attilamolnar
Owner

this means that strict privmsg in anope + inspircd doesn't work

solution: inspircd should forward these messages to the destination in a way that the destination knows the message was sent this way

PPRIVMSG jto@tolsun.oulu.fi :Hello ! ; Message to a client on server tolsun.oulu.fi with username of "jto".

@CuleX

I'd consider this a major issue. Failing to prove nick@server messaging may affect the users' security if the qlines for services nicks are not properly set up and/or an oper removes said qlines in order to steal services passwords.

@attilamolnar

what you're saying is not possible because inspircd does check whether the part after the @ is really the server of the nick before the @, but the server to server protocol doesn't differentiate between PRIVMSG nick@server and PRIVMSG nick, hence services cannot know how the message was sent originally

@CuleX

Given that InspIRCd apparently does do its checks, this isn't an issue at all. InspIRCd should not cater to other projects by modifying S2S protocol.

@attilamolnar attilamolnar added wontfix and removed bug labels
@attilamolnar attilamolnar changed the title from /msg nick@server does not work properly to Services can't differentiate between /msg nick@server and /msg nick
@attilamolnar attilamolnar removed the wontfix label
@Shawn-Smith

InspIRCd should not cater to other projects by modifying S2S protocol.

This is actually from RFC1459.

Edit :: Uhh, GitHub said this issue was recently updated, but the last post is over a year ago? Oops?

@attilamolnar

Protocol changes for PRIVMSG aren't worth the trouble, the strict privmsg feature can be emulated with a module providing an extension and services setting it for its own clients using METADATA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.