Subject: Re: echo-like replacement for telnetd
To: Andy R <quadreverb@yahoo.com>
From: Chuck Yerkes <chuck+nbsd@snew.com>
List: netbsd-help
Date: 09/18/2002 18:49:39

change /etc/inetd.conf:

telnet stream tcp nowait root /usr/bin/printf   printf "telnet is disabled\n"
or
telnet stream tcp nowait root /bin/cat      cat /etc/notelnet.txt
or 
telnet stream tcp nowait root /bin/echo     echo "telnet is bad, okay"

Quoting Andy R (quadreverb@yahoo.com):
> 
> You learn something new every day... I had searched
> high and low for information like this but never found
> it. I finally decided to just make a program of all
> printf's (don't see how it could be a security
> exposure) and just pointed the telnet line in inetd at
> it. Wish I knew how to find out what you just told me
> above back then. This stuff isn't always easy... (It
> isn't even sometimes easy for me!)


Experience is what we call it.  It's why I charge more than I
did 10 years ago.  If I can do in 20 minutes what New Kid does
in 1 day, then I'm cheaper than he is.  Better, if I can TEACH
him this stuff and it takes 30 minutes, then everyone wins.
And I really don't want to handle setting up printcaps and tape
drives anymore.


> --- Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
> > On 2002-09-18 10:04, Andy R <quadreverb@yahoo.com> wrote:
> > > I had a FreeBSD machine I had to do something similar with, so I
> > > just tried compiling a C program that was a bunch of printf's,
> > > changed the line in inetd to point to this program instead of the
> > > real telnetd, and it works fine. Prints out information, then exits.
> > > Windows telnet clients don't display it right though, it wraps. Real
> > > telnet clients work fine.
> > >
> > > Maybe someone can tell me if this is secure?
> > 
> > No.  At least, not without seeing the source.
> > 
> > But you went and put yourself into a lot of trouble to reimplement
> > something that is already there, as a feature.  Try adding the
> > following to your hosts.allow file:
> > 
> > 	telnet : 127.0.0.1 : allow
> > 	telnet : ALL \
> > 		: severity auth.info \
> > 		: twist /bin/echo "You are not welcome to use %d from %h."
> > 
> > The libwrap support of inetd(8) will take care of the rest :-)
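
For the "program of all printf's" approach discussed in this thread, here is an added example (not code posted by anyone in the thread) of a notice program that is small enough to review: it reads nothing from the client and writes one constant message. It sends CR LF line endings, which is what Telnet's NVT specifies, on the assumption that bare LF output is what Windows telnet clients displayed badly; the notice text and function names are made up for illustration.

```c
/* Added example: fixed-notice responder for an inetd "nowait" stream service.
 * It never reads from the peer, so client input cannot influence it. */
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Constructed sample text (assumption); substitute your own notice. */
static const char NOTICE[] = "telnet is disabled on this host\nuse ssh instead\n";

/* Copy src into dst, expanding each bare LF to CR LF. Returns the number of
 * bytes stored, or 0 if dst is too small (or src is empty). */
size_t lf_to_crlf(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    char prev = '\0';
    for (; *src != '\0'; prev = *src++) {
        size_t need = (*src == '\n' && prev != '\r') ? 2 : 1;
        if (need > dstlen - n)
            return 0;               /* refuse rather than truncate or overrun */
        if (need == 2)
            dst[n++] = '\r';
        dst[n++] = *src;
    }
    return n;
}

/* Write the whole buffer, retrying short writes and EINTR. 0 on success. */
int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, buf, len);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += w;
        len -= (size_t)w;
    }
    return 0;
}

int main(void)
{
    char out[2 * sizeof NOTICE];    /* worst case: every byte is a bare LF */
    size_t n = lf_to_crlf(NOTICE, out, sizeof out);
    /* inetd passes the accepted socket as stdin/stdout/stderr. */
    return (n > 0 && write_all(STDOUT_FILENO, out, n) == 0) ? 0 : 1;
}
```

Since the program needs no privileges, the user field of the inetd.conf telnet line can name an unprivileged account such as nobody instead of root.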