RE: build an appliance without a shell

[Rodney Thayer <rodney () canola-jones com>]

At 04:16 PM 3/4/2004 +0100, Pete Herzog wrote:
> Ken,
>
> We had to do something similar for the Hacker Highschool project where
> we needed to make an appliance to accept authentication connections
> over SSH which allowed access to the purposely hackable systems behind
> it.  I bounced the ideas off the guys from @ MediaService and using
> Authpf in OpenBSD with an empty shell that provides no functionality
> at all outside of closing it ends access.  We looked through the
> possibilities of hacking it and what it could mean for us on a risk
> standpoint.  What this means is that for us, shell is justified as
> opposed to the cost of a solution to not have it. I suggest you
> consider the same.

It's a grey area.  In the specific case I found a problem, here's 
the scenario the shipped product gave me:

  Installation:

  step 1: power on the box with a vga and keyboard
  step 2: answer the questions the shell script asked me
  step 3: assign an username and password for the administrator account

I then, on a lark, tried to SSH into the box, using username "root" and
the password I assigned in step 3.  It worked.

This means:

  -- they had ssh
  -- they had a shell
  -- they consciously assigned a password I entered as the root password.

In trying to quantify the risk there, the only solid statement I can come up
with that's cross-platform is "DO NOT SHIP A SHELL".  Lots of vendors
use restricted shells, or buy one of those silly IOS command parser clone
products, or otherwise muck with things to get past this.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave