Bugtraq mailing list archives
Re: Having fun with eggdrop bot
From: chotaire () CHOTAIRE NET (-*- Chotaire -*-)
Date: Fri, 29 Aug 1997 22:32:33 +0200
At 19:43 29.08.97 +0200, you wrote:
Eggdrops bots can access files all over the system if you're owner and
the bot runs with root permissions.
1) who runs a bot as root?
2) who gives away owner-access?
I have come across many bots being run as root. So people should look out. And in earlier versions of Eggdrop there is one serious bug to become OWNER when someone has master access. I will demonstrate on eggdrop 0.9p, this bug still works in lotsa newer versions aswell: .set owner Chotaire .chattr Chotaire +n When another owner tries to remove your owner and master access, you will still be able to re-"own" yourself unless they have detected you in the .set owner variable. That's it... Now for FIXING YOUR TCL problem, take a look at this one... $eggdrop/src/eggdrop.h #undef ENABLE_TCL recompile your bot, and that's it... no more problems. Regards... Chotaire Eggdrop Guru since 1993 ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~ <bold>Chotaire</bold> E-Mail: chotaire () chotaire net Network Operator IRC: irc.majesty.de (Chotaire) Administrative Manager Private: http://www.chotaire.net <italic>Majesty Net Solutions GmbH</italic> - On the 7th day, god was busy surfing the net ~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Current thread:
- Re: syslogd fun (erratum) Yuri Volobuev (Aug 28)
- Having fun with eggdrop bot Giuliano COCAINE (Aug 28)
- Re: Having fun with eggdrop bot The Nolander (Aug 29)
- Re: Having fun with eggdrop bot -*- Chotaire -*- (Aug 29)
- DDB/securelevel Aleph One (Aug 30)
- Re: DDB/securelevel Andrew Brown (Aug 30)
- Mac TCP/IP Stack glitch. nomad () APOLLO TOMCO NET (Aug 31)
- Re: Having fun with eggdrop bot The Nolander (Aug 29)
- Having fun with eggdrop bot Giuliano COCAINE (Aug 28)
- Re: syslogd fun (erratum) Theo de Raadt (Aug 28)
- SGI security patches Martin J. Dellwo (Aug 29)
- Somewhat of a security hole in CVS Elliot Lee (Aug 29)
- Re: Somewhat of a security hole in CVS Theo de Raadt (Aug 29)
- Re: Somewhat of a security hole in CVS Marc Slemko (Aug 29)
- rpm 2.4.6 (with /tmp fixes) Erik Troan (Aug 29)