[BusyBox] Are telnetd and login save?
Steven Scholz
steven.scholz at imc-berlin.de
Thu Jul 17 13:21:38 UTC 2003
Wolfgang Denk wrote:
> In message <3F169B04.1080804 at imc-berlin.de> you wrote:
>
>>>>Or if we have to be prepared that someday someone comes up with an
>>>>buffer overflow exploit (or whatever) that allows hin to break in to a
>>>>busybox system (and get root access)?
>>>
>>>With telnet this is definitely the case.
>>
>>Why? I thought if you're carefully checking lenght and size of
>>incomming packets before processing them you're safe? Am I wrong?
>
>
> You will have to be afraid of breakins because someone might record
> the passwords you're transferring, and use the regular root login
> then.
Ok. I know that. I'm not planning to make root logins via telnet on a
regular basis! I would use ssh for that (if I needed this).
What I meant is: I want to keep the telnet open. Just in case. And
when I ever should use it, I know I have to have a secure network
(cross link cable ;-)).
So what I wanted to know was, if the devices is somewhere in the
world, and some bad guy does a port scan and discovers that a telnet
would be possible then of course he tries to break in. Just for the
sake of it. So if I choose a safe password that cannot be guessed,
could he break into the (busybox) system by sending some manipulated
packets (to let's say create a buffer overflow).
Ok?
Steven
More information about the busybox
mailing list