home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
kermit.columbia.edu
/
kermit.columbia.edu.tar
/
kermit.columbia.edu
/
newsgroups
/
misc.19950929-19951130
/
000398_news@columbia.edu_Wed Nov 15 05:45:24 1995.msg
< prev
next >
Wrap
Internet Message Format
|
1995-12-25
|
3KB
Received: from apakabar.cc.columbia.edu by watsun.cc.columbia.edu with SMTP id AA28600
(5.65c+CU/IDA-1.4.4/HLK for <kermit.misc@watsun>); Thu, 16 Nov 1995 03:16:52 -0500
Received: (from news@localhost) by apakabar.cc.columbia.edu (8.6.12/8.6.12) id DAA14721 for kermit.misc@watsun; Thu, 16 Nov 1995 03:16:40 -0500
Path: news.columbia.edu!sol.ctr.columbia.edu!news.uoregon.edu!gatech2!news.sprintlink.net!news.cirrus.com!bug.rahul.net!a2i!rahul.net!a2i!hustle.rahul.net!itz
From: itz@rahul.net (Ian T Zimmerman)
Newsgroups: comp.protocols.kermit.misc
Subject: Re: protect modem under C-Kermit?
Date: 15 Nov 1995 05:45:24 GMT
Organization: a2i network
Lines: 48
Message-Id: <ITZ.95Nov14214524@kronstadt.rahul.net>
References: <ITZ.95Nov12201537@kronstadt.rahul.net> <48a7df$ro3@apakabar.cc.columbia.edu>
Nntp-Posting-Host: kronstadt.rahul.net
In-Reply-To: fdc@watsun.cc.columbia.edu's message of 14 Nov 1995 14:00:15 GMT
Apparently-To: kermit.misc@watsun.cc.columbia.edu
In article <48a7df$ro3@apakabar.cc.columbia.edu> fdc@watsun.cc.columbia.edu (Frank da Cruz) writes:
> : It seems to me that every modem comm program in existence is either
> : fascist - ie. secure and inflexible. Examples: cu, tip. Or
> : libertarian - ie. flexible and insecure. Examples: minicom, and,
> : unfortunately, C-kermit.
> : That's because
> : 1/ the "connect" command can be entered at any time, even before
> : the modem has a carrier. Then users can talk directly to the modem and
> : reprogram it to their hearts' content.
> : 2/ Users can execute "set dial init-string", thus setting modem
> : options indirectly. A special case of this is that they can reenable
> : the modem escape sequence (`+++') if it has been disabled, then use it
> : to get back to command mode at an arbitrary time.
> :
>
> Sometimes it's better to state the problem you are actually trying to
> solve, rather than to propose a solution in a vacuum. Let me take a wild
> guess -- you have some kind of dialout modem pool, and you don't want
> users to be able to mess up a modem so that subsequent users can't use it
> (or worse).
>
Right on.
> This is a common problem, but the place to solve it is not in the
> software. Even if it were solved in the software and you had a "secure"
> version of Kermit, any user could simply ftp an "insecure" version and
> defeat your security (this is an oversimplification in the interest of
> brevity).
No, not if access to the device is restricted and kermit (or whatever)
runs setuid/setgid.
> The place to solve the problem is the modem itself. Most
> modems can be programmed to reset themselves to a site-defined state when
> the phone connection is hung up. Rack-mount modems (like USR) come with a
> management system (e.g. Total Control) that can control the modems
> externally, reloading their configurations to undo anything even the most
> devious user could do to them.
>
OK, I will look at that.
--
Ian T Zimmerman +-------------------------------------------+
P.O. Box 13445 I With so many executioners available, I
Berkeley, California 94712 I suicide is a really foolish thing to do. I
USA <itz@rahul.net> +-------------------------------------------+