From owner-freebsd-security@FreeBSD.ORG Mon Oct 11 00:57:41 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8137416A4CE for ; Mon, 11 Oct 2004 00:57:41 +0000 (GMT) Received: from ephraim.got-servers.net (ephraim.got-servers.net [67.19.208.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5617543D49 for ; Mon, 11 Oct 2004 00:57:41 +0000 (GMT) (envelope-from securitylist@sharp-ideas.net) Received: from pool-70-18-226-160.res.east.verizon.net ([70.18.226.160] helo=[192.168.2.78]) by ephraim.got-servers.net with esmtpa (Exim 4.43) id 1CGoVJ-0004IF-LK for freebsd-security@freebsd.org; Sun, 10 Oct 2004 20:57:33 -0400 Message-ID: <4169DA8C.3000304@sharp-ideas.net> Date: Sun, 10 Oct 2004 20:57:48 -0400 From: Abe Usher User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-PopBeforeSMTPSenders: abe.usher@sharp-ideas.net,securitylist@sharp-ideas.net X-Antivirus-Scanner: Clean mail though you should still use an Antivirus X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ephraim.got-servers.net X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - sharp-ideas.net X-Source: X-Source-Args: X-Source-Dir: Subject: MonkeyShell: using XML-RPC for access to a remote shell X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 00:57:41 -0000 Security pundits have been warning about the dangers implicit with Web services for years. A good starting point for understanding the security issues related to Web services can be found at: http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html Of course to really understand the security risks posed by Web services, you need to understand the basics of Web services. Enter an application I wrote called "Monkey Shell." MonkeyShell is a simple open source Python application that uses extensible markup language remote procedure calls (XML-RPC) to execute commands through a remote system shell. I kept the code terse (less than 100 lines total) so that it can be studied easily. It is similar to netcat except instead of "shell shoveling" data through a raw TCP connection, it wraps data in XML and transports it over HTTP. MonkeyShell is freely available at: http://www.sharp-ideas.net/ Cheers, Abe Usher, CISSP From owner-freebsd-security@FreeBSD.ORG Mon Oct 11 20:52:10 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3181A16A4CE for ; Mon, 11 Oct 2004 20:52:10 +0000 (GMT) Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.198.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE50D43D1F for ; Mon, 11 Oct 2004 20:52:09 +0000 (GMT) (envelope-from cristjc@comcast.net) Received: from blossom.cjclark.org (c-24-6-187-112.client.comcast.net[24.6.187.112]) by comcast.net (rwcrmhc11) with ESMTP id <2004101120520401300ccd6te>; Mon, 11 Oct 2004 20:52:09 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.11/8.12.8) with ESMTP id i9BKq3Vf017025; Mon, 11 Oct 2004 13:52:03 -0700 (PDT) (envelope-from cristjc@comcast.net) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.11/8.12.11/Submit) id i9BKq3VC017024; Mon, 11 Oct 2004 13:52:03 -0700 (PDT) (envelope-from cristjc@comcast.net) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to cristjc@comcast.net using -f Date: Mon, 11 Oct 2004 13:52:03 -0700 From: "Crist J. Clark" To: Abe Usher Message-ID: <20041011205202.GC16819@blossom.cjclark.org> References: <4169DA8C.3000304@sharp-ideas.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4169DA8C.3000304@sharp-ideas.net> User-Agent: Mutt/1.4.2.1i X-URL: http://people.freebsd.org/~cjc/ cc: freebsd-security@freebsd.org Subject: Re: MonkeyShell: using XML-RPC for access to a remote shell X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Crist J. Clark" List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 20:52:10 -0000 On Sun, Oct 10, 2004 at 08:57:48PM -0400, Abe Usher wrote: > Security pundits have been warning about the dangers implicit with Web > services for years. http://www.faqs.org/rfcs/rfc3093.html I am not aware of an implementation. It'd be a nice demostration too. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org From owner-freebsd-security@FreeBSD.ORG Sat Oct 16 05:46:05 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9F92516A4CE for ; Sat, 16 Oct 2004 05:46:05 +0000 (GMT) Received: from ran.psg.com (ip192.186.dsl-acs2.seawa0.iinet.com [209.20.186.192]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E28A43D31 for ; Sat, 16 Oct 2004 05:46:05 +0000 (GMT) (envelope-from randy@psg.com) Received: from localhost ([127.0.0.1] helo=ran.psg.com.psg.com) by ran.psg.com with esmtp (Exim 4.34 (FreeBSD)) id 1CIhOG-000KoT-Kj; Fri, 15 Oct 2004 22:46:04 -0700 From: Randy Bush Message-ID: <16752.46492.42624.55457@ran.psg.com> Date: Fri, 15 Oct 2004 22:46:04 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: freebsd security cc: scs@umich.edu Subject: /security/op on -current? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Oct 2004 05:46:05 -0000 on 6-current, i am getting "Permission denied by op" for stuff that o used to work o looks absurdly simple could it be a pam interaction or some other dark magic? randy From owner-freebsd-security@FreeBSD.ORG Sat Oct 16 13:44:55 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 428B616A4CE for ; Sat, 16 Oct 2004 13:44:55 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD58343D3F for ; Sat, 16 Oct 2004 13:44:54 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 64B445486E; Sat, 16 Oct 2004 08:44:54 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 19590-02; Sat, 16 Oct 2004 08:44:43 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id BE1FB54846; Sat, 16 Oct 2004 08:44:43 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 669496D47D; Sat, 16 Oct 2004 08:44:30 -0500 (CDT) Date: Sat, 16 Oct 2004 08:44:30 -0500 From: "Jacques A. Vidrine" To: Randy Bush Message-ID: <20041016134430.GF81894@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Randy Bush , freebsd security , scs@umich.edu References: <16752.46492.42624.55457@ran.psg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <16752.46492.42624.55457@ran.psg.com> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: freebsd security cc: scs@umich.edu Subject: Re: /security/op on -current? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Oct 2004 13:44:55 -0000 On Fri, Oct 15, 2004 at 10:46:04PM -0700, Randy Bush wrote: > on 6-current, i am getting "Permission denied by op" That's the exact text? > for stuff that > o used to work > o looks absurdly simple > > could it be a pam interaction or some other dark magic? What stuff? Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org