[plug] Linux replacing terminal server
Bernd Felsche
bernie at innovative.iinet.net.au
Thu Apr 3 10:54:28 WST 2003
On Thu, Apr 03, 2003 at 01:22:07AM +0800, Bernard Blackham wrote:
> On Thu, Apr 03, 2003 at 12:17:11AM +0800, Bernd Felsche wrote:
> > It's very difficult and involving to set up a chroot gaol that'll
> > still talk even telnet through the network.
> Mmmm, I beg to differ. I set up the chroot for the networking room at
> LCA to allow only certain commands and nothing else and it wasn't
> _too_ difficult. (lessons learnt - rbash and rzsh are absolutely
> useless)
Always been the case with r*sh shells.
> For your situation - you could put telnet alone in a chroot, setuid
> nobody, and it'd be about as secure as you could get! Also, check
> out the -E option on telnet.
The main issue I have is with the "support" files required by telnet.
i.e. the shared libraries, possibly even obtuse stuff like termcap.
(telnet uses libncurses.so). Trial and error.
And you're really only protecting a terminal server. I mean, if you
really wanted to hack into it, you'd follow the short serial cable
and undo the screws. No chroot gaol will prevent that.
As I said before; the pickings are far more generous at the main
server.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!
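
Added example, not part of the original message: one way to shorten the trial and error over telnet's "support" files is to let `ldd` list the shared libraries and copy them into the gaol at the same absolute paths. The function name `stage_chroot` and the paths in the usage comment are assumptions made for illustration.

```shell
# Hypothetical helper (added example, not from the thread).
# stage_chroot BIN JAIL
#   Copies BIN and every shared library ldd reports for it into JAIL,
#   keeping the absolute paths, and prints each library path it staged.
# Assumed usage: stage_chroot /usr/bin/telnet /srv/gaol
stage_chroot() {
    bin=$1
    jail=$2
    # The binary must be given by absolute path so it lands at the
    # same location inside the gaol.
    case "$bin" in
        /*) ;;
        *) echo "need an absolute path: $bin" >&2; return 1 ;;
    esac
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }

    mkdir -p "$jail$(dirname "$bin")"
    cp -L "$bin" "$jail$bin"

    # ldd prints lines such as
    #   libncurses.so.5 => /lib/libncurses.so.5 (0x...)
    #   /lib/ld-linux.so.2 (0x...)
    # so keep every field that is an absolute path.
    # Run ldd only on binaries you trust: it may invoke the program's loader.
    ldd "$bin" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
        sort -u |
        while read -r lib; do
            [ -e "$lib" ] || continue
            mkdir -p "$jail$(dirname "$lib")"
            cp -L "$lib" "$jail$lib"   # -L: copy the file, not the symlink
            echo "$lib"
        done
}
```

`ldd` only sees libraries linked at build time; data files such as termcap or terminfo entries, and anything loaded at run time (for example name-resolution modules), still have to be found by testing inside the gaol.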