Folding Telnet enhancements into Linux distros

Post by Thomas W » Thu, 22 Feb 2001 21:21:39



A recent mailing-list discussion prompted me to notice that the
default Telnet client and server distributed with various Linux
distributions like RedHat have fallen far behind the state-of-the-art
Open Source Telnet codebases out there, especially as far as
security is concerned.  Features that have been added include:

- Strong authentication: SRP, Kerberos V5/V4
- Encryption: 3DES, CAST-128, DES
- X11 session forwarding
- SSL/TLS-based session security (confidentiality and integrity)

Some of the enhancements provide security features not present in
existing remote access products, like ssh, and users should be allowed
a free choice in the matter.  Are crypto export restrictions still an
issue for Linux distros these days?  What's the best way to proceed
with integrating a few years' worth of security work into existing
Linux codebases?  I'd be willing to spend some time on the project
to see it through to completion.
--


  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/

 
 
 

Post by Frank da Cr » Thu, 22 Feb 2001 23:44:23




:
: A recent mailing-list discussion prompted me to notice that the
: default Telnet client and server distributed with various Linux
: distributions like RedHat have fallen far behind the state-of-the-art
: Open Source Telnet codebases out there, especially as far as
: security is concerned.  Features that have been added include:
:
: - Strong authentication: SRP, Kerberos V5/V4
: - Encryption: 3DES, CAST-128, DES
: - X11 session forwarding
: - SSL/TLS-based session security (confidentiality and integrity)
:
: Some of the enhancements provide security features not present in
: existing remote access products, like ssh, and users should be allowed
: a free choice in the matter.
:
Secure Telnet servers are listed here:

  http://www.columbia.edu/kermit/telnetd.html

Various secure Telnet clients exist, most of them modifications of the
regular UNIX Telnet client, adding one of the security methods.
C-Kermit 7.0, however, implements all of the ones that Tom listed:

  http://www.columbia.edu/kermit/ckermit.html

and adds file transfer, scripting, and character-set translation.  Its
license allows inclusion with Linux:

  ftp://kermit.columbia.edu/kermit/f/COPYING.TXT

: Are crypto export restrictions still an
: issue for Linux distros these days?
:
Binaries are restricted.  There is also a USA embargo on a list of
specific countries, but apparently it does not extend to making
source code available in public venues.

- Frank

 
 
 

1. x86 boot enhancements, link enhancements 2/11

#2  2.5.8.boot.vmlinuxlds
============================================================
- i386/Makefile remove bogus linker command line of -e stext
- Fix vmlinux.lds so vmlinux knows it loads at 0x100000 (1MB)
- Fix vmlinux.lds so we correctly use startup_32 for our entry point
- Make startup_32 global

diff -uNr linux-2.5.8.boot.boot_params/arch/i386/Makefile linux-2.5.8.boot.vmlinuxlds/arch/i386/Makefile
--- linux-2.5.8.boot.boot_params/arch/i386/Makefile     Thu Apr 12 13:20:31 2001

 LD=$(CROSS_COMPILE)ld -m elf_i386
 OBJCOPY=$(CROSS_COMPILE)objcopy -O binary -R .note -R .comment -S
-LDFLAGS=-e stext
+LDFLAGS=
 LINKFLAGS =-T $(TOPDIR)/arch/i386/vmlinux.lds $(LDFLAGS)

 CFLAGS += -pipe
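
Review bot: the `+LDFLAGS=` line in arch/i386/Makefile leaves an empty assignment behind with nothing saying why. LINKFLAGS on the following line still expands $(LDFLAGS), so either drop the assignment or add a one-line comment that the entry point is now set by ENTRY() in vmlinux.lds; a `-e` option given to ld takes precedence over the script's ENTRY(), so a later change that puts one back here would silently override the linker script.
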
diff -uNr linux-2.5.8.boot.boot_params/arch/i386/kernel/head.S linux-2.5.8.boot.vmlinuxlds/arch/i386/kernel/head.S
--- linux-2.5.8.boot.boot_params/arch/i386/kernel/head.S        Wed Mar 20 07:18:31 2002

  *
  * On entry, %esi points to the real-mode code as a 32-bit pointer.
  */
-startup_32:
+ENTRY(startup_32)
 /*
  * Set segments to known values
  */
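
Review bot: the comment block above `ENTRY(startup_32)` in head.S does not record that the symbol is now global because the linker script depends on it. vmlinux.lds computes `physical_startup_32` from `startup_32`, so a short note here that the label must stay global would keep someone from turning it back into a plain label. The hunk also does not show where the ENTRY() macro is defined; please confirm head.S already pulls in that definition and that any alignment padding the macro emits before the label is acceptable at this position.
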
diff -uNr linux-2.5.8.boot.boot_params/arch/i386/vmlinux.lds linux-2.5.8.boot.vmlinuxlds/arch/i386/vmlinux.lds
--- linux-2.5.8.boot.boot_params/arch/i386/vmlinux.lds  Sun Mar 10 20:09:08 2002

  */
 OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
 OUTPUT_ARCH(i386)
-ENTRY(_start)
+physical_startup_32 = startup_32 - 0xC0000000;
+ENTRY(physical_startup_32)
+PHDRS
+{
+       text PT_LOAD AT(0x100000);
+
+}
 SECTIONS
 {
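
Review bot: `physical_startup_32 = startup_32 - 0xC0000000;` and `AT(0x100000)` in vmlinux.lds hardcode two addresses with no comment explaining them. If the kernel's virtual base is ever something other than 0xC0000000, the ELF entry point is computed wrong and nothing fails at link time, so please add comments naming what each constant is (the virtual-to-physical offset, and the 1MB load address the changelog mentions) and where the matching definitions live. Minor style point: the PHDRS block carries a stray blank `+` line before its closing brace.
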

        *(.text)
        *(.fixup)
        *(.gnu.warning)
-       } = 0x9090
+       } :text = 0x9090

   _etext = .;                  /* End of text section */
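
Review bot: `} :text = 0x9090` assigns only .text to a program header, and the PHDRS block declares a single PT_LOAD named `text` with no FLAGS. Under GNU ld an output section with no `:phdr` of its own is placed in the same segment as the section before it, so the sections that follow .text end up in this one segment as well. If a single load segment for the whole image is intended, say so in a comment and consider a name less specific than `text`; otherwise declare a separate header for the sections that follow.
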
