Date: Sun, 12 Jul 1998 11:07:38 +1100 (EDT)
From: Andrew MacIntyre
To: Jake Hamby
cc: security@FreeBSD.ORG
Subject: Re: RootRunner (admin GUI w/o security holes?)

On Fri, 10 Jul 1998, Jake Hamby wrote:

> I'm currently working on an administration GUI tool for FreeBSD, Linux,
> and Solaris. I've bitten off a rather large chunk of features that I'd
> like to implement before my deadline of August 15 (which should be enough
> of a clue for some of you to figure out why I'm working on this now), but
> I hope to implement at least basic user, group, network, and package
> management.

{.....}

> Even better, my program will (optionally) show the user which commands
> it's executing, and as much as possible, use the tools in /sbin and
> /usr/sbin rather than directly talking to the OS. The only other program
> I've heard of that works this way is SMIT on AIX, and it sounds very
> useful. I can simply echo the output of each command to a subwindow of
> the GUI and in the process, teach the actual UNIX commands to new
> sysadmins, rather than hiding it from them. Are there any potential
> security holes with this approach?

I like the idea, and have used SMIT on AIX 3.2.5, and the concept is
useful.

WRT the security problems, I'm not a security guru, however slightly
extending your concept to support access to remote systems (using ssh as
suggested by another poster in this thread) could be _very_ useful.
Having 2 access mechanisms (local & remote) could be a bit cumbersome
though...

{.....}

> Is there any possibility (especially in BSD and Linux, which require you
> to search the /dev/ptyXX space to find an open pty), for race conditions
> where an eavesdropper could get the root password through the pty when
> someone else is running the admin GUI? Any pointers on how to write this
> section of the code (if it would need to be any different from the way
> that, for example, xterm grabs a pty) would be helpful.

Perhaps you want to look at the source for the telnet daemon, which does
basically this IIRC.

{.....}

--
Andrew I MacIntyre                     "These thoughts are mine alone..."
E-mail: andrew.macintyre@aba.gov.au    (work) | Snail: PO Box 370
        andymac@bullseye.apana.org.au  (play) |        Belconnen  ACT  2616
Fido:   Andrew MacIntyre, 3:620/243.18        |        Australia