
Re: Future of kerberised telnet, login, rsh, ftp?



On Thu, 2005-07-07 at 11:23 +1000, Brian May wrote:
> USER
> PASS
> AUTH
> ADAT

In my experience, all FTP servers reject these once authentication has
taken place, so there's no point in protecting these outside of the
unauthenticated state.

> PORT
> EPRT
> ABOR (???)
> 
These probably ought to be secured in some fashion.

> error (not sure what this is)

Internal to the parser implementation; yacc-based parsers enter this
"state" on error and remain there until yyreset() is called or
yyparse() returns.  In the case of ftpd, it probably discards tokens
until end of line and then yyreset()s.

> CCC
> PROT

These should almost certainly be secured.

> Note: The (AUTH,USER,*) command is required so the user can initially
> login. However, it is also allowed, in insecure form, after a
> connection has already been established.

It shouldn't be; I think that may violate the FTP protocol.

> It is another thing I prefer about ssh, security happens at the lowest
> possible layer, so there is no chance an attacker can inject unwanted
> data into the data stream.

Not entirely true; it's at least theoretically possible to hijack the
X11 socket, auth socket, and the control socket in OpenSSH 3.9+.
(Apropos of the other discussion, one should avoid forwarding X11 or
auth when connecting as root; and should probably not enable the control
connection mechanism on such connections, although that's a client side
issue and if the client is untrusted you shouldn't be connecting to
anything as root from it, period.)

-- 
brandon s. allbery   [linux,solaris,freebsd,perl]      allbery@kf8nh.com
system administrator      [WAY too many hats]        allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon univ.         KF8NH
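
The command groupings discussed in this message can be expressed as a per-command policy check. The following is an added example, not part of the original message and not code from any ftpd: the function name `check_command`, the two-state session model, and the choice of 503 for a repeated login are assumptions, while 530 and 533 are the standard "not logged in" and RFC 2228 "protection level denied" replies.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed session model: has a login completed, and did this command
 * arrive in the clear or wrapped in a protected command (MIC/ENC/CONF)? */
enum state { UNAUTH, AUTHED };
enum wrap  { CLEAR, PROTECTED };

/* Verbs grouped as in the thread above. */
static const char *const login_verbs[]  = { "USER", "PASS", "AUTH", "ADAT", NULL };
static const char *const secure_verbs[] = { "PORT", "EPRT", "ABOR", "CCC", "PROT", NULL };

/* Case-insensitive match of the verb at the start of `line` against a list. */
static int verb_in(const char *line, const char *const *list)
{
    size_t n = strcspn(line, " \r\n");          /* verb ends at space or EOL */
    for (; *list; list++) {
        size_t i;
        if (strlen(*list) != n)
            continue;
        for (i = 0; i < n; i++)
            if (toupper((unsigned char)line[i]) != (*list)[i])
                break;
        if (i == n)
            return 1;
    }
    return 0;
}

/* Returns 0 to accept the command, otherwise the FTP reply code to refuse with. */
int check_command(enum state st, enum wrap w, const char *line)
{
    if (verb_in(line, login_verbs))
        return st == UNAUTH ? 0 : 503;  /* login verbs only before authentication */
    if (st == UNAUTH)
        return 530;                     /* simplification: all else needs a login */
    if (w == CLEAR && verb_in(line, secure_verbs))
        return 533;                     /* must arrive protected once authenticated */
    return 0;
}
```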