Trying a Linux command to a telnet port

Post by Steve E. Koo » Wed, 16 Jun 1999 04:00:00



Is there anyway to let a user telnet into a port on my Linux box and execute
only a single unix command. This command would be a valid unix command and
executed every time the user telneted to this port?

Thanks,

 
 
 

Post by Jeld The Dark El » Wed, 16 Jun 1999 04:00:00


Read docs on inetd and rexec



> Is there anyway to let a user telnet into a port on my Linux box and execute
> only a single unix command. This command would be a valid unix command and
> executed every time the user telneted to this port?

> Thanks,


 
 
 

Post by Stewart Honsberg » Wed, 16 Jun 1999 04:00:00



>Is there anyway to let a user telnet into a port on my Linux box and execute
>only a single unix command. This command would be a valid unix command and
>executed every time the user telneted to this port?

A friend of mine recently did this exact same thing. He allowed the users
of his BBS to access the WWW by allowing them to telnet to his Linux box,
where a script (on the BBS end) would log them in as "lynx" with a password
of "lynx". The "lynx" user would be directed to lynx, and after they were
done, logged-off.

He accomplished this by editing the .bashrc file in "lynx"'s home directory.
At the end, where it would normally exit, add;

lynx
exit

(Or whatever other command you want. Another popular one is;

startx
exit

for Linux newbies / Linux users' wives / etc..).

If you don't run BASH as your shell, find out what the login script is for
your particular shell, and this should do the trick as well.

--


Humming along under SuSE Linux 6.0 / OS/2 Warp 4

 
 
 

Post by Marc Mut » Wed, 16 Jun 1999 04:00:00



> Is there anyway to let a user telnet into a port on my Linux box and execute
> only a single unix command. This command would be a valid unix command and
> executed every time the user telneted to this port?

> Thanks,

Maybe rsh is what you want.
Maybe some lines of Perl that bind themselves to a given port and
execute a command on every connection is what you want. (man IO::Socket)

Marc

 
 
 

Post by Ben Sho » Thu, 17 Jun 1999 04:00:00



> Is there anyway to let a user telnet into a port on my Linux box and execute
> only a single unix command. This command would be a valid unix command and
> executed every time the user telneted to this port?

> Thanks,

Provided you wanted to log them back out _immediately_ again, you could
edit their login script (.profile in my case) to have

/usr/command
logout

as soon as the person logs in, the command is executed, and they are
logged out again. Either that or you could set up a shell menu, which
will only give the person one option.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Ben Short                http://www.shortboy.dhs.org

*Remove n0spam to email me*
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 
 
 

Post by Donovan Rebbec » Thu, 17 Jun 1999 04:00:00




>>Is there anyway to let a user telnet into a port on my Linux box and execute
>>only a single unix command. This command would be a valid unix command and
>>executed every time the user telneted to this port?

>A friend of mine recently did this exact same thing. He allowed the users
>of his BBS to access the WWW by allowing them to telnet to his Linux box,
>where a script (on the BBS end) would log them in as "lynx" with a password
>of "lynx". The "lynx" user would be directed to lynx, and after they were
>done, logged-off.

This is almost trivial to exploit unless lynx is set up carefully. On any
kind of remotely accessible guest account, security should be taken seriously.

The main loopholes that you want to close off are anything that would allow the
user to run an external program. The main thing you want to close off is the
chance of the user getting a shell.

lynx -ftp -nobrowse -restrictions=all -rlogin -telnet

is a good start (-; The "restrictions=all" is the most important since
it closes off a lot of potential "shell escape" loopholes (for example, an
editor or any program that spawns one is a free shell).

There are two ways you can have lynx run:

One is to simply make the user's shell lynx.

The other is to have one of the startup files exec lynx. It should exec -
you don't want the shell running in the background ( or the user can
shell-escape just by interrupting lynx ).
A good way to do this is to make rbash ( restricted bash ) the user's
shell, give the user a path /usr/guest, and put a link to /usr/bin/lynx
in /usr/guest. Then have the account's startup files owned by root so that
the user can't change them.

--
Donovan
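
Added example, not part of the original post or thread: a small audit of the setup described above (startup file ends in `exec`, startup file owned by root, restricted PATH directory holding only the one link). It goes slightly beyond the post by also checking the directory that contains the startup file; the function names and finding labels are made up for this sketch.

```sh
#!/bin/sh
# Added example: audit a single-command guest login. Paths and names are the
# caller's; the finding labels (NOEXEC, OWNER, ...) are made up for this sketch.

# perm_findings PATH WANT_UID: report a wrong owner or group/other write bits.
perm_findings() {
    set -- "$1" "$2" $(ls -lnd "$1")   # now $3 = mode string, $5 = owner uid
    [ "$5" = "$2" ] || echo "OWNER: $1 has uid $5, expected $2"
    case $3 in                         # char 6 = group write, char 9 = other write
        ?????w*|????????w*) echo "WRITABLE: $1 has mode $3" ;;
    esac
}

# audit_guest STARTUP_FILE CMD PATH_DIR [OWNER_UID]
# Prints findings and returns 1, or prints nothing and returns 0.
audit_guest() {
    startup=$1 cmd=$2 pathdir=$3 want_uid=${4:-0}
    findings=$(
        # The last real line must be "exec CMD ...". A bare CMD followed by
        # "exit" leaves the login shell running underneath the program.
        last=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$startup" | tail -n 1)
        case $last in
            "exec $cmd"|"exec $cmd "*) ;;
            *) echo "NOEXEC: last command in $startup is '$last'" ;;
        esac
        # A root-owned file in a directory the guest can write to can still be
        # renamed and replaced, so the directory gets the same check.
        perm_findings "$startup" "$want_uid"
        perm_findings "$(dirname "$startup")" "$want_uid"
        # The restricted PATH directory may hold CMD and nothing else.
        for entry in "$pathdir"/* "$pathdir"/.[!.]*; do
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            [ "${entry##*/}" = "$cmd" ] || echo "EXTRA: $entry"
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

For the layout in the post, a call would look like `audit_guest /home/guest/.bash_profile lynx /usr/guest`, where the home directory path is an assumption; the optional fourth argument overrides the expected owner uid (default 0).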

 
 
 

Post by Donovan Rebbec » Thu, 17 Jun 1999 04:00:00



>Is there anyway to let a user telnet into a port on my Linux box and execute
>only a single unix command. This command would be a valid unix command and
>executed every time the user telneted to this port?

Yes.

Put "exec foo" in the user's startup file, or just make "foo" the user's
login shell.

See my other post in this thread though. You need to take special measures
to make sure that you are not opening up any security holes. For example, if
you are creating a remotely accessible guest account, you need to close off
all shell escapes. A good start is using "rbash" as the user's shell (and
having root own the startup files).

--
Donovan

 
 
 

Post by Klaas Barend » Thu, 17 Jun 1999 04:00:00


> See my other post in this thread though. You need to take special measures
> to make sure that you are not opening up any security holes. For example, if
> you are creating a remotely accessible guest account, you need to close off
> all shell escapes. A good start is using "rbash" as the user's shell (and
> having root own the startup files)

How about making /usr/bin/lynx the default shell of a user. By editing the
/etc/passwd file and add /usr/bin/lynx to your /etc/shells. When a user
logs in, he is presented with lynx, you can decide what his lynx.cfg looks
like. As soon as he presses q to quit, he is logged out immediately.

Or is there something I am missing here?

--
mvg. Klaas Barends
    http://bart.nl/~hapkido/

 
 
 

Post by Donovan Rebbec » Fri, 18 Jun 1999 04:00:00



>How about making /usr/bin/lynx the default shell of a user. By editing the
>/etc/passwd file and add /usr/bin/lynx to your /etc/shells. When a user

That was one of my suggestions.

>Or is there something I am missing here?

The reason for my suggestion of using rbash is that rbash is an effective
way of boxing in the user, i.e. possibly increasing the chances that they
can't run anything besides lynx.

I am not sure if there would be much or any advantage to doing this though.

--
Donovan

 
 
 
