[IRCServices] /ns ghost exploit

Andrew Church achurch at achurch.org
Thu Mar 14 19:17:00 PST 2002 

     C'est la vie; I don't see this as a problem Services needs to handle.
If you have particular users doing this and it annoys other users, deal
with the trouble causers individually.

  --Andrew Church
    achurch at achurch.org
    http://achurch.org/

>> Andrew Church wrote
>>      Services does not use SVSKILL in the first place, 
>
>Sorry, my mistake. I meant Services will issue a kill for that user.
>
>> and 
>> does not allow
>> GHOST anyway without a password unless the calling user is on 
>> the access
>> list of the target nick _and_ the nick does not have the 
>> SECURE option set.
>
>I know this. It still does not prevent a user using services to kill 
>another user just because they happen to use their nickname.
>
>Nick A register A and also registers or links B, C, D, E.
>
>A new user connects using nick B and would get the usual warning from 
>services. However, before they have the opportunity to choose a new 
>nickname, A who is identified and has the password for B issues /ns ghost B 
>password either manually or from a script which kills that user from the 
>network. I didn't highlight a problem with the way services checks a users 
>right to issue the command, merely in the way that the command is open to 
>abuse. 
>
>> Have you modified Services?
>
>No. 
>
>Mark.
>
>> 
>>   --Andrew Church
>>     achurch at achurch.org
>>     http://achurch.org/
>> 
>> >Something I recently became aware of was users "abusing" the 
>> ghost command. 
>> >
>> >When the ghost command is issued, Services will SVSKILL the 
>> user from the 
>> >network. However, the new trend appears to be setting up a 
>> notify script, 
>> >which will automatically ghost any user trying to use a 
>> given nickname. 
>> >This quickly became popular. How this came to my attention 
>> is that a new 
>> >user was trying to access the network but was repeatedly 
>> killed by the 
>> >ghost command. 
>> >
>> >Use of "kill immediate" should be sufficient for those users 
>> who do not 
>> >want people using their nicknames and can be handled by 
>> services with a 
>> >nick change so I do not see use of the command in this manner as 
>> >beneficial. 
>> >
>> >One way to remove this exploit which seems the least complex 
>> to actually 
>> >manage is to only trigger the ghost if the target is 
>> currently identified. 
>> >
>> >This would mean that in the event a user got disconnected 
>> before they were 
>> >able to identify, they would be unable to remove a real 'ghost' on 
>> >reconnect with the ghost command, but they could use 'recover' 
>> >and 'release' instead. I believe that the 'recover' will 
>> "guest" a user 
>> >where NSForceNickChange is enabled.
>> >
>> >-- 
>> >Mark.
>
>-- 
>Mark.
>
>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices