On Friday 28 October 2005 14:40, Andrew Miller wrote: > Progs wrote: > >If I have two servers, AA and AB, with AAAAA and ABAAA on #foo, a +D > > channel. AAAAA is delayed on #foo and ABAAA is +d. > >There are only AAAAA and ABAAA in #foo. > >When AAAAA speaks on #foo, ABAAA is +d so AB doesn't receive message, so > > ABAAA doesn't see AAAAA's join. > > > >Bug or feature ?:) > > This could be used to build a map of the network and determine where the > hubs are. Anything which breaks HIS that bad is a bug.
Only if you allow users on the hubs though. Else, it might still reveal which server someone is on, if they're on a small +D channel... but that pretty far-fetched. In my opinion, this isn't really a security problem, fixing it would just mean a little bit more obscurity. But anyways, the problem is who is delayed or not depends on which messages arrive at the server, which gives away info about which server users or on, and about the structure of the network. Your fix B, C, D and E deal with deaf users, but the problem isn't caused by deaf users at all. Instead of being deaf, they can just not be on the channel, and do a quick join&part in the channel to see who is non-delayed. Or just do a /whois on the users. Fix A does look like a real fix to me. (but I don't think it's worth the effort and extra complexity). Wouter aka coekie.
pgpn5SIk2H6Iy.pgp
Description: PGP signature
_______________________________________________ Coder-com mailing list Coder-com@undernet.org http://undernet.sbg.org/mailman/listinfo/coder-com
