[K12OSN] Shutting clients down: was tight vnc connection to ltsp client refused (111 error)

Eric Harrison eharrison at mail.mesd.k12.or.us
Tue May 30 18:26:23 UTC 2006 

Huck wrote:
> No way to code in a wrapper in the TeacherTool app to get a passwd even
> if it is a static passwd that is set in a config file or something? To
> use that option.
> 
> --Huck

The problem is not on the server side, it is on the terminal side.
Adding a password, etc to applications running on the server-side
doesn't fix the problem.

Here is an example. Let's abuse a terminal, say one with the IP address
192.168.0.10

Edit /opt/ltsp/i386/etc/lts.conf and append:

	[192.168.0.10]
		ALLOW_SHUTDOWN = Y


and reboot the terminal.

Now run this command logged in as any random user logged into any random
terminal:

	echo shutdown | nc 192.168.0.10 9200


So say you ban the use of netcat (nc). Well then, let's just use telnet:

	$ telnet 192.168.0.10 9200
	Trying 192.168.0.10...
	Connected to 192.168.0.10.
	Escape character is '^]'.
	shutdown


Etc, etc. All you have to do is connect to TCP port 9200 on a terminal
and type "shutdown" (or "reboot"). That's all there is to it.  Note that
there is no username or password required, there is no logging of who
did the dastardly deed, no firewall protection for the terminals' port
9200, simply no protection what-so-ever.

Hopefully that clearly illustrates why enabling ALLOW_SHUTDOWN is
currently a REALLY BAD IDEA in most environments (especially in the
environments targeted by K12LTSP).


-Eric


> Robert Arkiletian wrote:
>> On 5/29/06, Eric Harrison <eharrison at mail.mesd.k12.or.us> wrote:
>>> > What if you change the permission of ltspinfo to 754?
>>>
>>> It would break a bunch of stuff yet will not fix this specific
>>> problem...
>>>
>>>
>>> No matter how you slice it or dice it, the "shutdown" feature is
>>> currently
>>> at best secured by obscurity. Security by obscurity is no security at
>>> all,
>>> especially when it is all in plain text.
>>>
>>> Just to make the point perfectly clear, there is currently no way to
>>> secure or restrict this specific feature. I highly recommend that
>>> this is
>>> NOT ADDED to fl_tt or in any way encourage people to use it.
>>>
>>> It is not an accident that this is disabled and undocumented.
>>
>> I understand Eric. I will NOT add this feature. It's dropped. Sorry if
>> I got some peoples hopes up. Thanks for letting me know about the
>> issues concerning this before I spent time on it.
>>
>

More information about the K12OSN mailing list