diff --git a/use/capabilities.rst b/use/capabilities.rst index 67fb325..5c3c0f3 100644 --- a/use/capabilities.rst +++ b/use/capabilities.rst @@ -120,6 +120,7 @@ happen if someone gave the bot the command 're [format join "" s/./ [dict go] 'dict go' (14,896 characters!) with the entire output of 'dict go', resulting in 221MB of memory allocated! And that's not even the worst example! + Managing capabilities --------------------- diff --git a/use/security.rst b/use/security.rst index 1ff62f6..82ea3d0 100755 --- a/use/security.rst +++ b/use/security.rst @@ -114,3 +114,46 @@ Supported python versions Fingerprint checking and CA validation are available in all Python versions supported by Limnoria. + +Flooding via command abuse +========================== + +Limnoria answers at most one message per command, but its message can be +rather long (up to about 450 to 500 characters) for even a small command. + +If this is undesirable for you, you can take the following measures: + +* Limit the size of a single message with ``supybot.reply.mores.length``. +* Limit how many messages the ``@more`` command may be called to get + a response to a command: ``supybot.reply.mores.maximum`` +* Disable large error replies with ``supybot.reply.error.detailed`` and + ``supybot.reply.error.noCapability``, and/or + send them in private with ``supybot.reply.error.inPrivate``. +* And check out the various variables in ``supybot.abuse.flood``. + +For old bot configurations, you may also want to set the ``-scheduler`` +capability to prevent users from using the ``@scheduler add`` and +``@scheduler repeat`` commands (bot configurations created with Limnoria +versions greater than 2020.05.13 already have this by default). + +We also recommend you report users abusing your bot to network operators, +so they take extra measures against these users if this is against their +network's policy. + +Hardening +========= + +By default, Limnoria exposes much of its configuration. This is by design, +to improve discoverability and debugging. + +Again, if this is undesirable to you, you can do the following: + +* Prevent users from using the Config plugin to read the configuration: + ``defaultcapability add -config`` (note that sensitive configuration + variables are, of course, always hidden from users by default). +* Prevent users from listing available plugins and commands: + ``defaultcapability add -misc.list``, + ``defaultcapability add -misc.apropos``, and + ``defaultcapability add -plugin`` +* Hide capabilities users are missing to run a command: + ``supybot.reply.error.noCapability``