Firewall Wizards mailing list archives

Re: anonymous telnet


From: Patrick Darden <darden () armc org>
Date: Wed, 12 Sep 2001 13:16:50 -0400 (EDT)


If you are using inetd, edit inetd.conf.  Put your perl program in as the
responder for port 23, et voila you are done.

I would be very very careful of your perl program.  I would treat it like
a CGI for security purposes.  In fact, you might want to just do this as a
CGI off of Apache.  Market it to the people who hired you as a superior
method of accomplishing what they want done.  If they really need a
character based interface, then telnet will work.

Limit the scope of your input vars, e.g. [0-9,a-z,A-Z], and cut any
characters after the first 32 or so.  Limit the number of simultaneous
connections for this program in inetd.conf.

Good luck!

--
--Patrick Darden                Internetworking Manager             
--                              706.354.3312    darden () armc org
--                              Athens Regional Medical Center


On Tue, 11 Sep 2001, hermit1 wrote:

I have been asked for advice on how to do anonymous telnet to a server 
here; the client could be anywhere.  There is a need to provide access from 
character-only terminals.  Upon establishing the telnet session, a perl 
script is supposed to run automatically.    No, they didn't explain how 
they expect a perl script to run without a user ID.  The perl script will 
accept strings of text and create queries to run against another 
system.  After I got over my bout of speechlessness I tried to explain why 
it isn't feasible.

Here are the major points I have.  Comments on any or all of this are 
welcome, corrections especially welcome.

I refuse to customize the telnetd binary, the only way I know of to 
eliminate the need for a user ID.  I suspect changing some PAM 
configuration might do it, but I don't want to try that, either.

If I use the perl script instead of the shell in /etc/passwd, any 
successful attempt to break out of the script into a shell should instead 
log the user off the computer.  Is there a known way to break this?

Unless the strings accepted by the perl script are very carefully 
validated, I assume that escape characters would allow the user to issue 
system commands.  I like the idea of RBAC from Trusted Solaris, but the 
system is Solaris 7, not 8.  Restricted shell would probably help, but I 
know little about it.

I would prefer that the developers would create their own telnet server 
combined with the perl script, and I could have this run out of inetd on 
port 23.  I don't think altering one of the open source telnet servers 
to  [1. not require a login, and 2. automatically pass all input to the 
perl script] would be difficult, and it is probably the safest way to meet 
their goal.

Comments?  Laughter?

Thanks
hermit1




***************************************************
This is an email.  Don't rely on anything seen here
as being accurate without testing it yourself.
***************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
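
The input handling suggested in the reply above (character allowlist, cut at 32 characters, script started from inetd), sketched as an added example that is not code from the thread or its authors. Assumptions: "[0-9,a-z,A-Z]" is read as alphanumerics only, and the inetd.conf user and path, the 256-byte read cap, the 60-second idle timeout and the stripping of telnet option bytes are illustrative choices.

```perl
#!/usr/bin/perl -T
# Added example: started by inetd, which hands over the socket as STDIN/STDOUT.
# Assumed inetd.conf entry (user and path are placeholders):
#   telnet stream tcp nowait nobody /opt/query/responder.pl responder.pl
use strict; use warnings;
my $MAX_LEN  = 32;     # "cut any characters after the first 32 or so"
my $MAX_READ = 256;    # assumed hard cap on bytes read per line
my $IDLE_SEC = 60;     # assumed idle timeout
$ENV{PATH} = '/usr/bin:/bin';                 # taint mode wants a known PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return a validated, untainted token, or undef if the line is rejected.
sub clean_input {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/\xFF[\xFB-\xFE].//gs;           # drop telnet IAC WILL/WONT/DO/DONT
    $raw =~ s/[\r\n\0]+\z//;                  # telnet sends CR LF or CR NUL
    $raw = substr($raw, 0, $MAX_LEN);         # truncate before validating
    return $raw =~ /\A([0-9A-Za-z]+)\z/ ? $1 : undef;   # whole-string allowlist
}

# Read one line without letting the peer send an unbounded amount of data.
sub read_line {
    my ($fh) = @_;
    my $buf = '';
    while (length($buf) < $MAX_READ) {
        my $n = sysread($fh, my $ch, 1);
        return length($buf) ? $buf : undef unless $n;   # EOF or read error
        $buf .= $ch;
        last if $ch eq "\n";
    }
    return $buf;
}

sub main {
    $| = 1;                                   # unbuffered output to the socket
    local $SIG{ALRM} = sub { print "timeout\r\n"; exit 0 };
    while (1) {
        alarm $IDLE_SEC;
        print "query> ";
        my $line = read_line(\*STDIN);
        last unless defined $line;
        my $term = clean_input($line);
        if (!defined $term) { print "rejected\r\n"; next; }
        # Hand $term to the backend as a bound parameter, never via a shell.
        print "accepted: $term\r\n";
    }
}
main() unless caller;
```

Anything outside the allowlist, including shell metacharacters and escape sequences, is rejected before the script builds a query, and the capture in `clean_input` is the only point where tainted input becomes usable.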



