[JENKINS-17419] Added new configuration option to disallow bot commands from private chat. #6

Merged: 2 commits, May 21, 2013


askeing
Contributor

@askeing askeing commented Mar 31, 2013

No description provided.

@buildhive

Jenkins » ircbot-plugin #2 SUCCESS
This pull request looks good

@buildhive

Jenkins » ircbot-plugin #3 SUCCESS
This pull request looks good

@kutzi
Member

kutzi commented Mar 31, 2013

What's the reasoning for this?
Why is it a problem that commands are allowed from private chats?

@askeing
Contributor Author

askeing commented Mar 31, 2013

If we want to restrict IRC bot commands to unauthorized users (JENKINS-5931), we can disable commands for a chatroom (JENKINS-11606). But unauthorized users can still send commands to ircbot by private chat.
So in my opinion, if we add a configuration option to disable private chat, we can control the usage of commands.

@askeing
Contributor Author

askeing commented Mar 31, 2013

For example:

Channels:
  - channel-notify / no-pwd / notify-only
  - channel-adm / with-pwd / disable-notify-only

Unauthorized users can get notifications in the channel-notify room, and admins can control Jenkins in the channel-adm room.
If ircbot allows commands from private chat, then although the unauthorized users cannot join channel-adm, they can still send commands by private chat (e.g. /msg ircbot !jenkins abort job).

@kutzi
Member

kutzi commented Apr 2, 2013

Hmm, yes I see. That's kind of a hole in the security model.
Isn't it possible to detect which chatroom a private message originated from?

@askeing
Contributor Author

askeing commented Apr 3, 2013

I think there is no information in private messages about which chatroom they came from.
IRC Protocol: http://tools.ietf.org/rfc/rfc1459.txt

kutzi added a commit that referenced this pull request May 21, 2013
[JENKINS-17419] Added new configuration option to disallow bot commands from private chat.
@kutzi kutzi merged commit 1514125 into jenkinsci:master May 21, 2013
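
As an added illustration of the point discussed in this thread (not code from the pull request or the ircbot plugin): an RFC 1459 PRIVMSG carries only a sender prefix and a target, so a private message cannot be tied to a channel and the bot can only accept or refuse private commands as a whole. The names `CommandPolicy` and `allow_private_commands` and the sample lines are assumptions made for this example.

```python
import re
from typing import NamedTuple, Optional

# RFC 1459 line: ":" prefix SPACE "PRIVMSG" SPACE target SPACE ":" text
_PRIVMSG = re.compile(
    r"^:(?P<nick>[^!\s]+)(?:!\S+)?\s+PRIVMSG\s+(?P<target>\S+)\s+:(?P<text>.*)$"
)

class PrivMsg(NamedTuple):
    sender: str
    target: str  # a channel name or the bot's own nick; there is no other field
    text: str

    @property
    def is_private(self) -> bool:
        # RFC 1459 channel names begin with '#' or '&'; anything else is a nick.
        return not self.target.startswith(("#", "&"))

def parse_privmsg(line: str) -> Optional[PrivMsg]:
    m = _PRIVMSG.match(line.rstrip("\r\n"))
    return PrivMsg(m["nick"], m["target"], m["text"]) if m else None

class CommandPolicy:
    """Hypothetical policy object; option names are not the plugin's own."""

    def __init__(self, command_channels, allow_private_commands=False,
                 prefix="!jenkins"):
        self.command_channels = {c.lower() for c in command_channels}
        self.allow_private_commands = allow_private_commands
        self.prefix = prefix

    def accepts(self, line: str) -> bool:
        msg = parse_privmsg(line)
        if msg is None or msg.text.split(" ", 1)[0] != self.prefix:
            return False
        if msg.is_private:
            # No originating channel is available, so this is all-or-nothing.
            return self.allow_private_commands
        return msg.target.lower() in self.command_channels

# Constructed sample traffic matching the channel layout in the example above.
SAMPLE = [
    ":admin!a@host.example PRIVMSG #channel-adm :!jenkins abort job",
    ":guest!g@host.example PRIVMSG #channel-notify :!jenkins abort job",
    ":guest!g@host.example PRIVMSG ircbot :!jenkins abort job",
]

def decide(policy, lines=SAMPLE):
    return [policy.accepts(line) for line in lines]
```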
jimklimov added a commit that referenced this pull request Sep 27, 2021