Received: from apakabar.cc.columbia.edu by watsun.cc.columbia.edu with SMTP id AA16217
(5.65c+CU/IDA-1.4.4/HLK for <kermit.misc@watsun>); Tue, 14 Nov 1995 09:00:24 -0500
Received: (from news@localhost) by apakabar.cc.columbia.edu (8.6.12/8.6.12) id JAA28426 for kermit.misc@watsun; Tue, 14 Nov 1995 09:00:22 -0500
Path: news.columbia.edu!watsun.cc.columbia.edu!fdc
From: fdc@watsun.cc.columbia.edu (Frank da Cruz)
Newsgroups: comp.protocols.kermit.misc
Subject: Re: protect modem under C-Kermit?
Date: 14 Nov 1995 14:00:15 GMT
Organization: Columbia University
Lines: 57
Message-Id: <48a7df$ro3@apakabar.cc.columbia.edu>
References: <ITZ.95Nov12201537@kronstadt.rahul.net>
Nntp-Posting-Host: watsun.cc.columbia.edu
Apparently-To: kermit.misc@watsun.cc.columbia.edu

In article <ITZ.95Nov12201537@kronstadt.rahul.net>,
Ian T Zimmerman <itz@rahul.net> wrote:
: Hi. This may be a FAQ...
:

No, this is a new one.

: ... but it isn't in the C-Kermit manual which I
: read cover to cover. I am looking for a U*x communication program
: which is both secure and flexible. This means:
:
: secure - non-root users can't under any circumstances enter the modem
: command mode.
:
: flexible - all users can specify their own phone book files, line
: setup options (baud, data/parity/stop, etc.) and scripts to execute
: once online. But, they must _not_ be permitted to specify their own
: modem initialization strings.
:
: It seems to me that every modem comm program in existence is either
: fascist - i.e. secure and inflexible. Examples: cu, tip. Or
: libertarian - i.e. flexible and insecure. Examples: minicom, and,
: unfortunately, C-Kermit.
: That's because
: 1/ the "connect" command can be entered at any time, even before
: the modem has a carrier. Then users can talk directly to the modem and
: reprogram it to their hearts' content.
: 2/ Users can execute "set dial init-string", thus setting modem
: options indirectly. A special case of this is that they can reenable
: the modem escape sequence (`+++') if it has been disabled, then use it
: to get back to command mode at an arbitrary time.
:
: I would very much like to get around this problem in C-Kermit,
: because otherwise I like it a lot, for its flexibility and
: simplicity. Anybody there know how to do this (preferably without
: hacking C code)?
:

I would not consider this a problem. What you view as insecurity are
essential features for most people.

Sometimes it's better to state the problem you are actually trying to
solve, rather than to propose a solution in a vacuum. Let me take a wild
guess -- you have some kind of dialout modem pool, and you don't want
users to be able to mess up a modem so that subsequent users can't use it
(or worse).

This is a common problem, but the place to solve it is not in the
software. Even if it were solved in the software and you had a "secure"
version of Kermit, any user could simply ftp an "insecure" version and
defeat your security (this is an oversimplification in the interest of
brevity). The place to solve the problem is the modem itself. Most
modems can be programmed to reset themselves to a site-defined state when
the phone connection is hung up. Rack-mount modems (like USR) come with a
management system (e.g. Total Control) that can control the modems
externally, reloading their configurations to undo anything even the most
devious user could do to them.

- Frank