[plug] Linux replacing terminal server
Bernd Felsche
bernie at innovative.iinet.net.au
Thu Apr 3 12:34:49 WST 2003
On Thu, Apr 03, 2003 at 11:25:52AM +0800, Craig Ringer wrote:
> >The main issue I have are with the "support" files required by telnet.
> >i.e. the shared libraries, possibly even obtuse stuff like termcap.
> >(telnet uses libncurses.so). Trial and error.
>
> ... and heavy use of "ldd <lib-or-app-file>" + strace.
I thought strace _was_ trial and error. :-)
[snip]
> That was run on RH8, but my results on my debian woody box were similar.
> Shouldn't be too hard. At the risk of slightly weakening chroot
> security, you can use hardlinks for things like /etc/hosts and
> /etc/services to save later maintenance hassles, too. Alternately,
> there's always libnss and something like LDAP or (ick) NIS.
/etc/hosts and /etc/services should be *minimal*. Net-booting would
make life easier. Unfortunately, there's no server on site
supporting PXE (yet). Nothing needs to be stored permanently from
the terminal server so a ram disk with read-only networked drives
for the big stuff that's hardly needed (e.g. terminfo) should make
life easier.
> >And you're really only protecting a terminal server. I mean, if you
> >really wanted to hack into it, you'd follow the short serial cable
> >and undo the screws. No chroot gaol will prevent that.
>
> True, but it's much easier to have a little app capturing terminal
> session traffic and dumping passwords than it is to have a serial "man in
> the middle" to do the same thing.
Heh; I can cook up one of them to sit inside the little RJ45-DB25
adapter shell, operating off DTR power.
> >As I said before; the pickings are far more generous at the main
> >server.
> But the terminal server /is/ a potential avenue to the main server via
> hijacking of telnet sessions, password theft, etc. Of course the big
> server is a juicier target, but it's presumably hardened proportionally.
One would think so. :-)
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
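
The "ldd" step and the hardlink trade-off discussed in this thread, as an added example that is not part of the original post: it turns ldd output into the list of libraries to copy into the chroot, and finds jail files that share an inode with something else. The function names, the sample ldd output, and the paths /usr/bin/telnet and /srv/jail are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): gather the libraries a chroot jail needs.

# Print the absolute library paths found in `ldd` output read on stdin.
# Handles "name => /path (0x...)" and "/path (0x...)" lines and
# skips virtual entries (linux-gate, linux-vdso) and "not found" lines.
ldd_paths() {
    awk '
        /not found/              { next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy (never hardlink) each path read on stdin into the jail given as $1,
# keeping the directory layout so the dynamic loader finds the files.
copy_into_jail() {
    jail=$1
    while IFS= read -r path; do
        mkdir -p "$jail$(dirname "$path")"
        cp -pL "$path" "$jail$path"
    done
}

# List regular files under $1 that have more than one hard link, i.e.
# whose inode is also reachable under another name (possibly outside the jail).
shared_inodes() {
    find "$1" -type f -links +1
}

# Constructed sample of ldd output for a telnet binary (not captured from a real host).
SAMPLE_LDD='	linux-gate.so.1 =>  (0xffffe000)
	libncurses.so.5 => /lib/libncurses.so.5 (0x40025000)
	libc.so.6 => /lib/libc.so.6 (0x40064000)
	libmissing.so.1 => not found
	/lib/ld-linux.so.2 (0x40000000)'

# Typical use, with hypothetical paths:
#   ldd /usr/bin/telnet | ldd_paths | copy_into_jail /srv/jail
#   shared_inodes /srv/jail
```

ldd only reports libraries linked at build time; files opened at run time (terminfo entries, NSS modules) still have to be found with strace, as the thread notes.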