sidhe
New Machine, Unfriendly troubles   Apr 27 15:00 UTC 1996

I am annoyed by a change to grex that occurred apparently about the same time
that it was moved to the new machine. The unix command "login" now kicks
me off the system. I wrote help about it, and nothing's ever been replied
to, so here I am, making a nuisance of myself.
I would like "Login" reinstated. Thank you.
I would also like telnetd to throw me back to my ISP when it tells me
all ports are full, instead of letting me hang there. My ISP occasionally
does unfriendly things when I type ^], like kick me off my dialin,
making it another five minutes before I can try again. This is a most
unfriendly feature.
52 responses total.
scott
response 1 of 52:   Apr 27 15:40 UTC 1996

Welcome back, sidhe.

We're working on both of those.  The trouble is that nobody pays our staffers,
so it takes a while to fix big things like those.  "login" got turned off
because it had a security hole, just like "su".  Apparently something that
the new OS didn't do the same as the old.

Telnetd is also new.  We are working on a couple different solutions, one
being a waiting list with occasional "you are 2nd in line for a pty" type of
message, and also a different return when you can't get a port.  The current
"feature" of sticking for 2 minutes is for people who would telnet to Grex
in a newly opened window and bounce off the "all ports in use" message,
closing the window too fast to see what the message was.  So the current
system, while not great, was better than the old one.

You might try bitching at your ISP about the ^] issue, since your local system
ought to let the next layer of software handle those.  Probably it is a result
of using a terminal server that sets up a telnet session to their host when you
dial in.
srw
response 2 of 52:   Apr 27 16:18 UTC 1996

People have complained about login being disabled. All questions about this
that I have seen in e-mail have been responded to. I didn't see any message
from sidhe, though. Scott is right, login was disabled for security reasons.

I believe that you can use nohupcl in order to log off without 
disconnecting and get a new login prompt. If you only want to run the
second login as a short interruption, you can telnet to localhost. Since this
does not go out to the internet, it is permitted to non-members, although you
will have to read an explanation of why telnet won't work first. This is not
recommended except for short interruptions because it consumes extra Grex
resources.

Now the delay in telnetd. That has also upset a number of people. It was put
in as an extra long delay because we were getting attacked by people who could
not get in. A short delay is all that is needed to make the screen readable,
but 2 minutes goes way beyond that. I'd like to see it change, and Marcus left
us with a new version of telnetd with some nice new features, but it needs
some very thorough testing before it can be installed. I think steve is 
working on this.
dang
response 3 of 52:   Apr 27 17:51 UTC 1996

I was under the impression that the 2 minute wait was because people were
"attack telnetting" and consuming link?
remmers
response 4 of 52:   Apr 27 22:50 UTC 1996

Re #0: In addition to writing help, you mentioned this in the
system problems item in Agora, where I replied to it. I suggested
the command "telnet localhost" to switch logins (short-term), just
as Steve did in #2.
selena
response 5 of 52:   Apr 29 04:04 UTC 1996

What was the security prob with login?
carson
response 6 of 52:   Apr 29 11:32 UTC 1996

dunno.
steve
response 7 of 52:   Apr 29 11:34 UTC 1996

   People were using it to supposedly "get around" leaving where they
were coming in from.
brighn
response 8 of 52:   Apr 29 19:38 UTC 1996

I thought the security problem was the cloaking on party.
if you !login from party and then shelled back out,
you disappeared from the :who list.
davel
response 9 of 52:   Apr 29 21:33 UTC 1996

<sigh> Not just party, & much worse ... but that is the bare bones, indeed.
kerouac
response 10 of 52:   Apr 30 02:01 UTC 1996

  You can run !telnet or !telnet localhost, but I think this is potentially
really bad. The reason is that some wiseguy could telnet into grex from
his previous grex logins repeatedly and tie up all the telnet ports.  This
would be worse than the security problems related to having !login...maybe
it should be restored.
srw
response 11 of 52:   Apr 30 04:44 UTC 1996

A person could just run a fork bomb, too. I don't think it's a big deal.
We would probably handle either case the same way.
kerouac
response 12 of 52:   Apr 30 18:23 UTC 1996

yeah but see you staff folks don't telnet in mostly, so it doesn't bother
you as much if someone is hogging five telnet ports at the same time.  But
when you keep getting kicked back to your server time and again with
"all ports are busy", it's a pain!

At least with !login, you could log in simultaneously without hogging
places in line.
dang
response 13 of 52:   Apr 30 19:03 UTC 1996

If I remember correctly, !login does not give you another login, just a new
login on the same tty.  So, you could not simultaneously login without hogging
places in line.  I don't think that's possible.
kerouac
response 14 of 52:   Apr 30 19:28 UTC 1996

#13...right, !login just gives you a new login on the same tty so it
doesn't inconvenience anyone else.  Without !login, people will use
!telnet localhost to hog multiple telnet ports, and unless they are
using the same login on all of them, it will be difficult for staff to
even know.  Might see a bunch of idle logins but not know they are coming
from the same place.  There is potential for abuse here that surely
is as great as using !login to hide the place you are telnetting from
from showing up in !who.  

I didn't know staff not being able to tell where someone is telnetting
from is a security hole.  If people don't want to divulge that, they may
have good reasons.  There have been cases where users harassing others
will look up the location the other person is telnetting from
on !who and attempt to harass them at that location.

I think unless better, more detailed reasons are stated, this is a case
of paranoia winning out and that !login should be restored.
janc
response 15 of 52:   Apr 30 22:45 UTC 1996

#12:  I'd say staff telnets in about half the time.  I rarely do, but Greg
and Marcus mostly do.
steve
response 16 of 52:   May 1 01:42 UTC 1996

   Unfortunately Richard, people trying to hide their true IP address
is the best giveaway I've seen to raise questions about them.  Just
about every person I've seen try that has attempted various little
things.  We've started to call that "testing the locks".
   There are going to be more changes to login soon, such that
after logging off Grex, you get back to a login: prompt, instead
of having telnetd shut the door in your face.  That will let
people be able to login one right after the other, and get
around the current problem of losing the telnet connection once
person A is finished and B wants on.
scg
response 17 of 52:   May 1 05:08 UTC 1996

re 12:
        I almost always telnet in.  If you see me in on a dial-up, it probably
means I dialed in to reset the Internet connection, after finding myself
unable to telnet in.  This is because I do mail on another system instead of
Grex, and I like to be able to read mail if it comes in while I'm Grexing.
Various other staffers also telnet in for various reasons.
popcorn
response 18 of 52:   May 1 14:24 UTC 1996

Richard, you're not going to get staff to go into more detail about security
holes, because in general staff doesn't talk about security holes in public.
srw
response 19 of 52:   May 1 14:30 UTC 1996

I telnet in much more than half the time. I find that being out of ports is
incredibly annoying. I still defend the use of telnet for short interruptive
sessions. I think it's pretty hopeless to stop denial of service attacks
in advance on a system this open. We do respond to such attacks.

Do not assume that staff doesn't telnet, we do more than not.
brighn
response 20 of 52:   May 1 17:00 UTC 1996

Gee, why not, Valerie?  Maybe then y'all could just start posting
confidential information so that y'all wouldn't have to *worry*
about security breaches... 8^P
davel
response 21 of 52:   May 1 20:38 UTC 1996

re #19 & some others:  ... as even a casual scan of who's on at any given time
would fairly quickly show, & as a cross-tab of output from last for staff
people would show conclusively <he asserts without actually *doing* the
latter>
carson
response 22 of 52:   May 2 19:19 UTC 1996

re #20: I think that's the funniest thing you've written that I've
         read all year. Thanks. I don't think anyone else gets it, though...
popcorn
response 23 of 52:   May 3 04:31 UTC 1996

(I got it, the first time I saw it.)
brighn
response 24 of 52:   May 3 07:15 UTC 1996

*blinks*  Carson complimented me?  It's the sign of the Armageddon!
*giggle*

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss