mIRC Home    About    Download    Register    News    Help

Print Thread
#259185 13/10/16 06:25 PM
Joined: Nov 2004
Posts: 842
Jigsy Offline OP
Hoopy frood
OP Offline
Hoopy frood
Joined: Nov 2004
Posts: 842
Whilst the trust list prevents you from being exploited, it could be exploited by those on other networks who match similar patterns on other networks.

Would it be possible to include networks to make it more limited?

E.g.

nick1*!*@* networkA
nick2*!*@* networkB


What do you do at the end of the world? Are you busy? Will you save us?
Joined: Aug 2003
Posts: 319
P
Pan-dimensional mouse
Offline
Pan-dimensional mouse
P
Joined: Aug 2003
Posts: 319
I agree with this sentiment. Having a trust entry that crosses networks is a security hole, particularly if the user has a trust entry like nick!user@* (which is often necessary because the host changes when a user logs off and logs on again).

So, suppose there was a user-x on network-1 that trusted user-y, and I knew that he also was a user on network-2, then I could log in to network-2 with the same nickname/username and I would be trusted and could then send a malicious file which would be accepted automatically by the user.

IMO, this is a non-trivial security hole which needs to be fixed.

So what is needed is to make the trust list per network through the UI and to make $trust work only on the active connection (i.e. a script needs to switch connections with scid to get trust lists from other connections).

Last edited by Protopia; 28/06/17 09:31 PM.

Link Copied to Clipboard