[IRCServices] Network Policies..

Craig Edwards brain at brainbox.winbot.co.uk
Mon Nov 18 19:28:00 PST 2002 

Sometimes this is not possible - lets take for example a hypothetical situation where server may be compromised by crackers. You'd trust the admins running the server, but someone would be in control of the server secretly who you probably dont know, and certainly dont trust. In this case their first action may be to set up an oper with reasonably high privilages and "play around" with it. This system would prevent such a situation by immediately de-opering any such abusers as soon as it saw them, unless the policy actually said they could oper up. 

To summarise: In an ideal world, you can trust all your admins. I choose not to, it isnt an ideal world ;) No amount of vetting procedures such as those seen on large nets can prevent this happening, maybe this kind of system would help a little, and a little is better than nothing at all.

>>We had a problem on our network with a "Server Administrator" with shell access to his server, slowly setting his network access higher, to Services admin, he also added the "globalroute" ability on his oper{} and started squitting some of our servers.. w
>>e promptly removed his server from the map.. it brought us to thinking.. Would there be a way to prevent this occuring in the future, some times server admins, sometimes friends, appear nice, and give you a server, then turn on you.. We originally started
>> thinking of introducing "Policies" on our IRCd, but then Brain` came up with the idea of coding it into services.. OperServ or a new services would be able to control other opers, and make sure their privs havnt been changed without permission, obviously
>> this has its problems, but we should be able to solve them.. The main Questions are..
>>
>>Would you use it?
>>Should it be intergrated into OperServ or a new Service Created?
>>Should the Opers be handled via Config, or thru a database?
>>
>>-----------------------------------------------------------------------  
>>Craig McLure - Craig at chatspike.net
>>ChatSpike - The users network: http://www.chatspike.net  
>>InspIRCd - Modular IRC server: http://www.inspircd.org
>>-----------------------------------------------------------------------
>>
>>
>>
>------------------------------------------------------------------
>To unsubscribe or change your subscription options, visit:
>http://www.ircservices.za.net/mailman/listinfo/ircservices