Firewall Wizards mailing list archives
Re: anonymous telnet
From: Patrick Darden <darden () armc org>
Date: Wed, 12 Sep 2001 13:16:50 -0400 (EDT)
If you are using inetd, edit inetd.conf. Put your perl program in as the responder for port 23, et voila you are done. I would be very very careful of your perl program. I would treat it like a CGI for security purposes. In fact, you might want to just do this as a CGI off of Apache. Market it to the people who hired you as a superior method of accomplishing what they want done. If they really need a character based interface, then telnet will work. Limit the scope of your input vars, e.g. [0-9,a-z,A-Z], and cut any characters after the first 32 or so. Limit the number of simultaneous connections for this program in inetd.conf. Good luck! -- --Patrick Darden Internetworking Manager -- 706.354.3312 darden () armc org -- Athens Regional Medical Center On Tue, 11 Sep 2001, hermit1 wrote:
I have been asked for advice on how to do anonymous telnet to a server here; the client could be anywhere. There is a need to provide access from character-only terminals. Upon establishing the telnet session, a perl script is supposed to run automatically. No, they didn't explain how they expect a perl script to run without a user ID. The perl script will accept strings of text and create queries to run against another system. After I got over my bout of speechlessness I tried to explain why it isn't feasible. Here are the major points I have. Comments on any or all of this is welcome, corrections especially welcome. I refuse to customize the telnetd binary, the only way I know of to eliminate the need for a user ID. I suspect changing some PAM configuration might do it, but I don't want to try that, either. If I use the perl script instead of the shell in /etc/passwd, any successful attempt to break out of the script into a shell should instead log the user off the computer. Is there a known way to break this? Unless the strings accepted by the perl script are very carefully validated, I assume that escape characters would allow the user to issue system commands. I like the idea of rback from trusted solaris, but the system is Solaris 7, not 8. Restricted shell would probably help, but I know little about it. I would prefer that the developers would create their own telnet server combined with the perl script, and I could have this run out of inetd on port 23. I don't think altering one of the open source telnet servers to [1. not require a login, and 2. automatically pass all input to the perl script] would be difficult, and it is probably the safest way to meet their goal. Comments? Laughter? Thanks hermit1 *************************************************** This is an email. Don't rely on anything seen here as being accurate without testing it yourself. *************************************************** _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- anonymous telnet hermit1 (Sep 12)
- Re: anonymous telnet Patrick Darden (Sep 13)
- Re: anonymous telnet R. DuFresne (Sep 13)
- RE: anonymous telnet Kendall Risselada (Sep 17)
- RE: anonymous telnet hermit1 (Sep 17)
- RE: anonymous telnet Kendall Risselada (Sep 17)
- Re: anonymous telnet James W. Abendschan (Sep 13)