apertium / phenny

This is a port of phenny, a Python IRC bot, to Python3. This specific version, called begiak, is a fork of the Wadsworth version, used by the apertium project.
http://wiki.apertium.org/wiki/Begiak

Secure admin access #534

Open kj7rrv opened 4 years ago

kj7rrv commented 4 years ago

This is a pretty major security bug. Anyone can become admin if one of the admins is offline. Suppose firespeaker (@jonorthwash), who is an admin, is offline. Anyone (literally ANYONE) can take over admin access:

/nick firespeaker
/msg begiak .something

NickServ enforce mode is not effective, because you can do damage in under 30 seconds, especially with an attack bot. Simply putting the following text into netcat connected to freenode port 6667 is an exploit (using the example of shutting down the git server and giving me a greeting):

USER begiak-attacker 0 * :Begiak Attacker
NICK firespeaker
PRIVMSG begiak :.gitserver stop
PRIVMSG begiak :.greeting add scoopgracie b3g1ak 1s pwn3d

We should ask NickServ if the person is identified before allowing admin access. The "Last seen" field says "now" if the person is online and identified.

I also suggest that we create a new method, phenny.is_admin(nick), to check if nick is an admin. This would replace modules checking the admin list. Modules using a method would allow us to replace the admin-rights system quite easily.

sushain97 commented 4 years ago

That's why admins should have registered nicks.

kj7rrv commented 4 years ago

I still think this needs a fix.

kj7rrv commented 4 years ago

There has been some discussion on IRC, and we need to discuss solutions. We need to

  1. Do something with NickServ to add protection,
  2. Create a dedicated admin nick and not use it in public channels to keep it a secret, or
  3. Use a different mechanism altogether.

wei2912 commented 4 years ago

I'd recommend only allowing admin if the person has been verified by NickServ. This would require an additional command to NickServ.

(note from @scoopgracie: I removed a part referring to comments I made and deleted)

On Thu, 23 Jan 2020, 00:08 scoopgracie, notifications@github.com wrote:

> There has been some discussion on IRC, and we need to discuss solutions. We need to
>
>   1. Do something with NickServ to add protection,
>   2. Create a dedicated admin nick and not use it in public channels to keep it a secret, or
>   3. Use a different mechanism altogether.

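The following is an added example (not phenny's own code, nor anything from the apertium project) of the mitigation proposed in kj7rrv's opening comment and in wei2912's reply: a single `is_admin`-style gate that only honours an admin nick after NickServ has confirmed the nick is identified. It assumes an Atheme-style `STATUS <nick> <code>` reply in which code 3 means "online and identified"; the `AdminGate` class, its `send` callback and its method names are hypothetical stand-ins for phenny's own plumbing. The exchange below is constructed, not captured from a real server.

```python
import re
import time

# Atheme-style NickServ reply: "STATUS <nick> <code>". Code 3 means the nick
# is online and identified to services (assumption; check your network's docs).
STATUS_RE = re.compile(r"^STATUS (\S+) (\d)$")
IDENTIFIED = 3


class AdminGate:
    """Gate admin commands on a fresh NickServ identification check.

    send(target, text) is a hypothetical callback delivering a PRIVMSG;
    in phenny it would wrap the bot's own message-sending method.
    """

    def __init__(self, admins, send, ttl=60.0, clock=time.monotonic):
        self.admins = {a.lower() for a in admins}
        self.send = send
        self.ttl = ttl            # seconds a positive STATUS reply stays valid
        self.clock = clock
        self.pending = {}         # nick -> deferred (action, args) pairs
        self.verified = {}        # nick -> time of last positive STATUS reply

    def is_admin(self, nick):
        """True only if nick is listed AND NickServ recently confirmed identity."""
        n = nick.lower()
        if n not in self.admins:
            return False
        stamp = self.verified.get(n)
        return stamp is not None and self.clock() - stamp <= self.ttl

    def run_as_admin(self, nick, action, *args):
        """Run action(*args) now if nick is verified; otherwise ask NickServ and defer."""
        n = nick.lower()
        if n not in self.admins:
            return False          # not on the list at all: drop silently
        if self.is_admin(nick):
            action(*args)
            return True
        self.pending.setdefault(n, []).append((action, args))
        self.send("NickServ", f"STATUS {nick}")
        return False

    def handle_nickserv(self, text):
        """Feed a NOTICE from NickServ; releases or discards deferred actions."""
        m = STATUS_RE.match(text.strip())
        if not m:
            return None
        n, code = m.group(1).lower(), int(m.group(2))
        queued = self.pending.pop(n, [])
        if code == IDENTIFIED:
            self.verified[n] = self.clock()
            for action, args in queued:
                action(*args)
            return True
        self.verified.pop(n, None)   # not identified: forget any stale approval
        return False


def demo():
    """Constructed scenario: a nick squatter is refused, the real admin is served."""
    outbox, ran, now = [], [], [1000.0]
    gate = AdminGate(["firespeaker"], lambda t, m: outbox.append((t, m)),
                     ttl=60, clock=lambda: now[0])
    # Someone using the admin's nick while unidentified: deferred, then dropped.
    gate.run_as_admin("firespeaker", ran.append, "gitserver stop")
    gate.handle_nickserv("STATUS firespeaker 1")
    dropped = ran == []
    # The real admin, identified to NickServ: deferred command is released.
    gate.run_as_admin("firespeaker", ran.append, "gitserver stop")
    gate.handle_nickserv("STATUS firespeaker 3")
    ran_after_verify = ran == ["gitserver stop"]
    # Within the TTL the cached verification lets commands run immediately.
    now[0] += 30
    immediate = gate.run_as_admin("firespeaker", ran.append, "greeting list")
    # After the TTL expires the bot asks NickServ again instead of trusting the nick.
    now[0] += 61
    re_query = not gate.run_as_admin("firespeaker", ran.append, "greeting list")
    return {"dropped": dropped, "ran_after_verify": ran_after_verify,
            "immediate": immediate, "re_query": re_query,
            "queries": [m for t, m in outbox if t == "NickServ"]}


if __name__ == "__main__":
    print(demo())
```

The TTL cache is a convenience so every admin command does not round-trip to NickServ; in a real bot the cached entry should also be dropped on a NICK or QUIT event for that nick, since the nick can change hands the moment the admin disconnects, which is exactly the window the issue describes.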

kj7rrv commented 4 years ago

I think NickServ verification is a good idea.

kj7rrv commented 4 years ago

Another thought is to replace all admin commands with a Web panel.

kj7rrv commented 4 years ago

Or, only let admin commands work in a special channel in which only admins are invited. This would have the added benefit of letting admins other than those with server access grant/revoke adminship.