Re: Having fun with eggdrop bot

chotaireCHOTAIRE.NET

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Aleph One: "DDB/securelevel"
• Previous message: Erik Troan: "rpm 2.4.6 (with /tmp fixes)"
• In reply to: The Nolander: "Re: Having fun with eggdrop bot"

At 19:43 29.08.97 +0200, you wrote:

>> Eggdrops bots can access files all over the system if you're owner and

>> the bot runs with root permissions.

>

>1) who runs a bot as root?

>2) who gives away owner-access?


I have come across many bots being run as root. So people should look out. And in earlier versions of Eggdrop there is one serious bug to become OWNER when someone has master access. I will demonstrate on eggdrop 0.9p, this bug still works in lotsa newer versions aswell:


.set owner Chotaire

.chattr Chotaire +n


When another owner tries to remove your owner and master access, you will still be able to re-"own" yourself unless they have detected you in the .set owner variable.


That's it...


Now for FIXING YOUR TCL problem, take a look at this one...


$eggdrop/src/eggdrop.h

#undef ENABLE_TCL


recompile your bot, and that's it... no more problems.


Regards...


Chotaire

Eggdrop Guru since 1993



~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~

 <bold>Chotaire</bold>                                 E-Mail:
chotairechotaire.net

 Network Operator                        IRC:  irc.majesty.de
(Chotaire)

 Administrative Manager                Private:
http://www.chotaire.net

 <italic>Majesty Net Solutions GmbH</italic> - On the 7th day, god was
busy surfing the net

~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~

• Next message: Aleph One: "DDB/securelevel"
• Previous message: Erik Troan: "rpm 2.4.6 (with /tmp fixes)"
• In reply to: The Nolander: "Re: Having fun with eggdrop bot"