This patch makes it possible to scrub incomming CTCP commands from other servers and clients alike. The ngircd oper can enable it from the config file, by adding "ScrubCTCP = yes" under [FEATURES]. It is default off.
CTCP can be used to profile IRC users (get user clients name and version, and also their IP addresses). This is not something we like to happen when user pseudonymity/secrecy is important.
The server silently drops incomming CTCP requests from both other servers and from users. The server that scrubs CTCP will not forward the CTCP requests to other servers in the network either, which can spell trouble if not every oper knows about the CTCP-scrubbing. Scrubbing CTCP commands also means that it is not possible to send files between users.
There is one exception to the CTCP scrubbing performed: ACTION ("/me commands") requests are not scrubbed. ACTION is not dangerous to users (unless they use OTR, which does not encrypt CTCP requests) and most users would be confused if they were just dropped.
A CTCP request looks like this:
ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char
ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.)
They are sent as part of a message and can be delivered to channels and users alike.
If there is any error in what I just said, please tell me :D
Attached is the patch for ScrubCTCP. I am not that good at writing patches. This is actually my very first one for a real project. So please be patient with me :)
Hi xor!
The patch is fine with me (although reversed, it removes ScrubCTCP).
But.
It only adds the functionality in ngIRCd, documentation in doc/sample-ngircd.conf.tmpl and the manual page man/ngircd.conf.5.tmpl is missing.
@Florian: we can apply it if anyone contributes the missing bits ;-)
Regards Alex
Am 10.06.2011 um 21:39 schrieb xor:
This patch makes it possible to scrub incomming CTCP commands from other servers and clients alike. The ngircd oper can enable it from the config file, by adding "ScrubCTCP = yes" under [FEATURES]. It is default off.
CTCP can be used to profile IRC users (get user clients name and version, and also their IP addresses). This is not something we like to happen when user pseudonymity/secrecy is important.
The server silently drops incomming CTCP requests from both other servers and from users. The server that scrubs CTCP will not forward the CTCP requests to other servers in the network either, which can spell trouble if not every oper knows about the CTCP-scrubbing. Scrubbing CTCP commands also means that it is not possible to send files between users.
There is one exception to the CTCP scrubbing performed: ACTION ("/me commands") requests are not scrubbed. ACTION is not dangerous to users (unless they use OTR, which does not encrypt CTCP requests) and most users would be confused if they were just dropped.
A CTCP request looks like this:
ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char
ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.)
They are sent as part of a message and can be delivered to channels and users alike.
If there is any error in what I just said, please tell me :D
Attached is the patch for ScrubCTCP. I am not that good at writing patches. This is actually my very first one for a real project. So please be patient with me :)
-
Alexander Barton -
xor