[plug] Linux replacing terminal server

Bernd Felsche bernie at innovative.iinet.net.au
Thu Apr 3 00:17:11 WST 2003


On Wed, Apr 02, 2003 at 08:27:18PM +0800, Cameron Patrick wrote:
> On Wed, Apr 02, 2003 at 11:09:57AM +0800, Bernd Felsche wrote:
> | Just wondering if there's a perversion of getty that would
> | automatically allow a Linux box to present its serial ports to dumb
> | terminals as though it were connecting straight through to another
> | host. i.e. to act like a dedidated terminal server.
> 
> Why do you want or need to use getty at all?  Unless I'm missing
> something, a simple shell script would do the trick.

man getty :-)

getty sets linespeed and allows you to change the terminal
commincations parameters without having to fiddle with the host
(terminal server, in this case). getty detects the parameters and
allows the user for force a "re-selection" by pressing BREAK.

> ------------
> #! /bin/sh
> exec <$1 >$1 2>$1
> 
> export TERM=whatever
> export SHELL=/bin/false  # telnet subshell paranoia
> export PATH=/bin:/usr/bin:/usr/local/bin
> # etc
> 
> stty [stuff appropriate to your terminals]
> 
> while true; do
> 	clear
> 	telnet server.host.name
> done
> ------------

> As far as I can tell, this shouldn't be a security problem.  If you're

Your mind is insufficiently devious. :-)

Knobbling the escape character elminates the hole.
su'ing to nobody before-hand  as in
	exec su nobody telnet -E server.host.name
would reduce the potential for damage even further.

> paranoid about telnet having holes you could run it as user nobody in a
> chroot gaol.  (man telnet on my machine mentions the ! command for
> running a subshell, but it doesn't actually work so far as I can tell.)

It's very difficult and involving to setup a chroot gaol that'll
still talk even telnet through the network.

Being logged in as "nobody" on a Linux box exposes the terminal
server to local exploits, but frankly, the pickings on the main
server are far more juicy. :-(

-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!



More information about the plug mailing list