Pibby
| Version | : | 0.0.3 alpha |
| Author | : | Susam Pal |
| License | : | GPLv3 |
Pibby is an IRC bot written in Python. I wrote this to guard a channel
and make sure that an authorized user can op himself when he joins the
chanel. Currently it is a single-user bot with support for only one
superuser password for authentication. Since I wrote it for some private
IRC networks I use and it works well for what I need, the development is
slow. Read the todo.txt file in the project directory to
see a list of bugs and further development plans.
There is a major security bug in the current alpha release which is worth mentioning. The bot authenticates a user based on his password. It uses the nick of the user as the identity and creates a session associated with the nick. The bot kills the user's session when he is not found any more. This is important so that after the authenticated user has left, another user can not use the privileged commands of the bot by changing his nick to the authenticated nick. Currently, it kills the session, when the user leaves (IRC PART command) or quits (IRC QUIT command) all the channels, the bot is guarding. But the session is not killed when the authenticated user changes his nick. So, another user can execute privileged commands by acquiring the authenticated nick when the actual authenticated user changes his nick.
