Date:      Tue, 05 Apr 2005 10:46:00 -0700
From:      Danny Howard <dannyman@toldme.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Securely allowing just one application via telnet
Message-ID:  <4252CED8.8030802@toldme.com>
In-Reply-To: <1183736361.20050405031743@wanadoo.fr>
References:  <1183736361.20050405031743@wanadoo.fr>

Anthony,

"Securely" and "telnet" is an oxymoron.  This is mainly because any 
data, including passwords, sent through a non-encrypted connection, can 
be sniffed by anyone who can access any of the intervening networks.  
Your question is really very open-ended and vague.  The correct question 
may be "I need to facilitate FOO." and then go about solving that.  When 
you ask "I need to do something with telnet," I am inclined to say "I 
bet you are asking the wrong question."

One (easier) way is to use a traditional login shell and set the config 
file to pass execution to your application.  For example, if the user is 
set to use csh, you can put "exec fooprog" in his .login.  An advantage 
of this is that you can set environment variables and stuff before 
handing execution to this application.  If you do this, and you cannot 
trust your user (he's using telnet, so his password is easy to steal), 
then you want to look at how your development system handles signals.  
You don't want him sending some clever signal to your system that lets 
them sneak out into something else.

That said, if you set a user's shell (see /etc/master.passwd and the 
excellent pw program) to your executable, then that is the program that 
will be executed as the user's login shell. 

(I once set up a user on my system to launch freeciv on the remote 
terminal so some friends and I could play this game in my dorm 
laboratory from the workstation in my dorm room.  I think I just set the 
shell init file to "exec freeciv" and disabled the user when we weren't 
playing games. :)

Another way is to put the program in inetd.conf ... you just telnet to 
some port, and things happen.  This is like putting the program in as 
the user shell, but there are fewer insecure layers (telnet tends to 
have security advisories crop up) but you won't have telnet asking for a 
password for you.

Anyway, good luck.

Sincerely,
-danny

-- 
http://dannyman.toldme.com/
