[plug] Linux replacing terminal server

Bernd Felsche bernie at innovative.iinet.net.au
Thu Apr 3 10:54:28 WST 2003


On Thu, Apr 03, 2003 at 01:22:07AM +0800, Bernard Blackham wrote:
> On Thu, Apr 03, 2003 at 12:17:11AM +0800, Bernd Felsche wrote:
> > It's very difficult and involving to set up a chroot gaol that'll
> > still talk even telnet through the network.

> Mmmm, I beg to differ. I set up the chroot for the networking room at
> LCA to allow only certain commands and nothing else and it wasn't
> _too_ difficult. (lessons learnt - rbash and rzsh are absolutely
> useless)

Always been the case with r*sh shells.

> For your situation - you could put telnet alone in a chroot, setuid
> nobody, and it'd be about as secure as you could get! Also, check
> out the -E option on telnet.

The main issue I have is with the "support" files required by telnet.
i.e. the shared libraries, possibly even obtuse stuff like termcap.
(telnet uses libncurses.so).  Trial and error.

And you're really only protecting a terminal server. I mean, if you
really wanted to hack into it, you'd follow the short serial cable
and undo the screws. No chroot gaol will prevent that.

As I said before; the pickings are far more generous at the main
server.

-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!
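
Added example, not part of the original post: one way to replace the trial and error over telnet's shared libraries is to parse `ldd` output and copy each listed file into the gaol under the same path. The function names, the sample `ldd` output and its library paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out which library files a dynamically linked
# binary (e.g. telnet) needs inside a chroot, then copy them in.

# parse_ldd: read `ldd` output on stdin, print one absolute path per line.
# Handles "libfoo.so => /path/libfoo.so (0x...)" and the bare loader line
# "/lib/ld-linux.so.2 (0x...)". Virtual entries (linux-gate, linux-vdso)
# and "not found" lines have no absolute path and are skipped.
parse_ldd() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# populate_chroot BIN ROOT: copy BIN and every library ldd reports for it
# into ROOT, keeping the original directory layout. cp -L dereferences
# symlinks so the gaol gets real files rather than dangling links.
populate_chroot() {
    bin=$1
    root=$2
    { printf '%s\n' "$bin"; ldd "$bin" | parse_ldd; } |
    while IFS= read -r f; do
        mkdir -p "$root$(dirname "$f")" && cp -L "$f" "$root$f"
    done
}

# Constructed sample of ldd output for a telnet client (illustrative paths).
SAMPLE_LDD='	linux-gate.so.1 =>  (0xffffe000)
	libncurses.so.5 => /lib/libncurses.so.5 (0x40020000)
	libc.so.6 => /lib/libc.so.6 (0x40060000)
	/lib/ld-linux.so.2 (0x40000000)'

# Show what would be copied for the sample above.
printf '%s\n' "$SAMPLE_LDD" | parse_ldd
```

`ldd` only reports link-time dependencies; files opened at run time, such as the termcap or terminfo entry for the terminal type and the resolver configuration, still have to be added by hand.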


