Firewall Wizards mailing list archives
anonymous telnet
From: hermit1 <hermits () mac com>
Date: Tue, 11 Sep 2001 13:12:29 -0700
I have been asked for advice on how to do anonymous telnet to a server here; the client could be anywhere. There is a need to provide access from character-only terminals. Upon establishing the telnet session, a perl script is supposed to run automatically. No, they didn't explain how they expect a perl script to run without a user ID. The perl script will accept strings of text and create queries to run against another system. After I got over my bout of speechlessness I tried to explain why it isn't feasible.
Here are the major points I have. Comments on any or all of this are welcome, corrections especially welcome.
I refuse to customize the telnetd binary, the only way I know of to eliminate the need for a user ID. I suspect changing some PAM configuration might do it, but I don't want to try that, either.
If I use the perl script instead of the shell in /etc/passwd, any successful attempt to break out of the script into a shell should instead log the user off the computer. Is there a known way to break this?
Unless the strings accepted by the perl script are very carefully validated, I assume that escape characters would allow the user to issue system commands. I like the idea of RBAC from Trusted Solaris, but the system is Solaris 7, not 8. Restricted shell would probably help, but I know little about it.
I would prefer that the developers would create their own telnet server combined with the perl script, and I could have this run out of inetd on port 23. I don't think altering one of the open source telnet servers to [1. not require a login, and 2. automatically pass all input to the perl script] would be difficult, and it is probably the safest way to meet their goal.
Comments? Laughter?
Thanks
hermit1
***************************************************
This is an email. Don't rely on anything seen here as being accurate without testing it yourself.
***************************************************
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
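The two points raised in the message above, a script standing in for the shell in /etc/passwd and strict validation of the strings it accepts, can be sketched as follows. This is an added example, not code from the original post or its author; the query tool path, the length limit, the timeout and the permitted character set are assumptions.

```perl
#!/usr/bin/perl -T
# Added example: query front end intended as the login shell of a
# dedicated account. Paths and limits below are hypothetical.
use strict;
use warnings;

# Taint mode (-T) refuses to run programs until the environment is safe.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Ignore interrupt and job-control keys so the loop cannot be suspended.
$SIG{$_} = 'IGNORE' for qw(INT QUIT TSTP);
# Close idle sessions instead of letting them linger.
$SIG{ALRM} = sub { print "\nTimed out.\n"; exit 0 };

my $MAX_LEN    = 64;                       # assumed limit
my $QUERY_TOOL = '/opt/app/bin/runquery';  # hypothetical program

# Return the untainted term, or undef if the line is not acceptable.
sub validate_term {
    my ($line) = @_;
    return undef unless defined $line;
    $line =~ s/\r?\n\z//;
    return undef if length($line) == 0 || length($line) > $MAX_LEN;
    # Allow-list anchored with \A and \z; the first character must be
    # alphanumeric, so a term can never be read as a command-line option.
    return $line =~ /\A([A-Za-z0-9][A-Za-z0-9 .\-]*)\z/ ? $1 : undef;
}

$| = 1;
while (1) {
    print "query> ";
    alarm 120;
    my $line = <STDIN>;
    alarm 0;
    last unless defined $line;             # EOF: client disconnected
    my $term = validate_term($line);
    unless (defined $term) {
        print "Rejected: use letters, digits, space, '.' and '-' only.\n";
        next;
    }
    last if $term eq 'quit';
    # List-form system() executes the program directly; no shell ever
    # parses $term, so metacharacters would have no meaning even if the
    # allow-list were loosened by mistake.
    system($QUERY_TOOL, $term) == 0 or print "Query failed.\n";
}
exit 0;  # the script is the shell, so leaving it ends the session
```

Because the account's shell field points at this script, any exit path, including an unhandled error, ends the login rather than falling back to an interactive shell.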