• Read Mail loadable module: No way to read other user's personal mail/

    From Digital Man@1:103/705 to Eric Oulashin on Thursday, February 09, 2023 12:02:23
    Re: Read Mail loadable module: No way to read other user's personal mail/s
    By: Eric Oulashin to GitLab note in main/sbbs on Thu Feb 09 2023 09:26 am

    It makes sense that Synchronet would consider "admin" to be me, but it seems that someone was able to create a new user account with the name/handle as "admin".

    I don't think Synchronet as considering "admin" to be you, but rather, if you specify a usernumber or alias that can't be found (or is a deleted user record, at least up until those last couple commits) - then it the user editor would default to displaying user #1.
    --
    digital man (rob)

    Sling Blade quote #23:
    Karl: I reckon I'm gonna have to get used to looking at pretty people.
    Norco, CA WX: 73.9F, 17.0% humidity, 5 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Gamgee on Thursday, February 09, 2023 16:42:31
    Re: Read Mail loadable module: No way to read other user's personal mail/s
    By: Gamgee to Eric Oulashin on Thu Feb 09 2023 06:15 pm

    Eric Oulashin wrote to GitLab note in main/sbbs <=-

    <SNIP>

    It makes sense that Synchronet would consider "admin" to be me,
    but it seems that someone was able to create a new user account
    with the name/handle as "admin".

    Strange, that shouldn't be possible assuming "admin" is in your ../text/name.can file (it is there by default).

    That wasn't always the case though: https://gitlab.synchro.net/main/sbbs/-/commits/master/text/name.can

    If a sysop's SBBS install is 11+ years old, they wouldn't have "admin" in there (and many other diallowed user names).
    --
    digital man (rob)

    Synchronet "Real Fact" #106:
    You're missing the action in #synchronet at irc.synchro.net!
    Norco, CA WX: 73.6F, 16.0% humidity, 7 mph SSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Nightfox@1:103/705 to Gamgee on Thursday, February 09, 2023 16:48:47
    Re: Read Mail loadable module: No way to read other user's personal mail/s
    By: Gamgee to Eric Oulashin on Thu Feb 09 2023 06:15 pm

    but it seems that someone was able to create a new user account
    with the name/handle as "admin".

    Strange, that shouldn't be possible assuming "admin" is in your ../text/name.can file (it is there by default).

    It's not in my name.can. I've been using Synchronet since 2007, and maybe "admin" was added to name.can some time after I started using it?

    I've added it now though.

    Nightfox

    ---
    Synchronet Digital Distortion: digitaldistortionbbs.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Digital Man on Friday, February 10, 2023 07:39:00
    Digital Man wrote to Gamgee <=-

    It makes sense that Synchronet would consider "admin" to be me,
    but it seems that someone was able to create a new user account
    with the name/handle as "admin".

    Strange, that shouldn't be possible assuming "admin" is in your ../text/name.can file (it is there by default).

    That wasn't always the case though: https://gitlab.synchro.net/main/sbbs/-/commits/master/text/name.can

    Ahhhh, excellent.

    If a sysop's SBBS install is 11+ years old, they wouldn't have
    "admin" in there (and many other diallowed user names).

    Yep, that makes sense. I'm thinking there aren't that many who wouldn't
    have done a fresh install in that long (for whatever reason). ;-)



    ... Press any key to continue or any other key to quit
    --- MultiMail/Linux v0.52
    Synchronet Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to Nightfox on Friday, February 10, 2023 07:41:00
    Nightfox wrote to Gamgee <=-

    but it seems that someone was able to create a new user account
    with the name/handle as "admin".

    Strange, that shouldn't be possible assuming "admin" is in your ../text/name.can file (it is there by default).

    It's not in my name.can. I've been using Synchronet since 2007,
    and maybe "admin" was added to name.can some time after I started
    using it?

    Yes, that seems to be the case. DigitalMan replied here and showed a
    gitlab commit from 2011 where that name (and many others) were added.

    I've added it now though.

    It would probably be a good idea to grab the latest name.can from the
    repo and use it, as there are a lot of other additions to the file
    too...



    ... Press any key to continue or any other key to quit
    --- MultiMail/Linux v0.52
    Synchronet Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)