On Thu, Aug 01, 2002 at 08:09:31AM +0900, [EMAIL PROTECTED] wrote:
> Hi,
>
> From: "Karl E. Jorgensen" <[EMAIL PROTECTED]>
> Subject: Re: service enablement via mail and otp?
> Date: Wed, 31 Jul 2002 13:47:16 +0100
>
> > On Wed, Jul 31, 2002 at 02:01:14PM +0200, Marcin Owsiany wrote:
> > > On Wed, Jul 31, 2002 at 01:37:30PM +0900, [EMAIL PROTECTED] wrote:
> > > > Hi,
> > > >
> > > > For some time, I've been toying w/ the idea of putting together
> > > > something that would allow me to trigger the starting/stopping of
> > > > various services [1] via a mail message containing some kind of OTP.
> > >
> > > Recently I have seen someone posting an URL to his program which does
> > > something like that. It used GPG.
> > >
> > > I can't find the post, but I think you could find it looking for
> > > keywords like "mail" "execution" "remote" etc..
> > >
> > > I guess it was this list, but I'm not sure.
> >
> > That someone could have been me:
> > http://www.karl.jorgensen.com/smash
> >
> > Note: This is not production quality (yet). I use it myself on a couple
> > of machines and find it useful. Testers and bugreports are
> > welcome. Eyes on the source to find security weaknesses are in
> > high demand. Read the man-page. Caveat Emptor.
>
> This could be nice...too nice for me perhaps (-;
>
> I've downloaded a copy and taken a quick look at the man page -- I
> didn't notice anything about mechanisms for dealing w/ replay attacks
> in the man page -- are there any?

No. I have to admit that I hadn't even thought about replay attacks :-(.
I'll have to see what methods others have employed to avoid them (or
think up a probably-less-secure method myself).

Thinking about it: this would definitely be a good thing to add to
smash.

At some point I did ask on this list for where to find QA resources and
got a couple of good answers. But unfortunately I haven't yet had time
to follow up on them.

> The reason I like the OTP design for my particular situation is that I
> don't want to carry around a PGP key [1] and I don't want to mess w/
> doing some kind of round-trip-challenge-response thing via mail to
> deal w/ potential replay attacks.

Hm... GPG *does* have a --symmetric option, which seems to not use keys
at all. Assuming that a suitable method for generating (and
keeping-in-sync) passphrases between your PDA and smash exists, do you
think that would be suitable for you? This probably implies
storing/generating acceptable passphrases locally (for smash) in
clear-text...

[ Almost going off-topic for this list now...]

> I'm also more comfortable w/ only allowing limited command execution
> -- specifically, only starting a single-session-only sshd (perhaps
> stopping sshd too) -- so that worse case, someone can only start sshd
> on a machine I'm looking after. Any plans for limiting the commands
> to be executed?

Not yet. But it should be reasonably simple to add extensions to check
the script immediately before execution. I'd prefer to implement such
extensions as separate scripts. I like that idea. One more on my TODO
list.

However, I *do* have plans to allow commands to be mime-decoded and
executed under a different user. This is mostly to ringfence any bugs
in the mime decoding (which I suspect is not "strong" security-wise).
This would also help to protect ~/.gnupg/* and ~/.procmailrc.

> [1] I've got OTP calculators for my PDA which I'm fine w/ carrying.
> Actually, what I don't want is to carry around a secret key and a
> corresponding device to do the encryption/signing/decryption
> (perhaps some day PDAs will do this comfortably). I'm not about
> to place a secret key of mine on someone else's machine...

Which OTP calculator (and PDA) do you use? I've got a PDA too, and this
might be handy for me too... [ This is probably OT for this list...]

--
Karl E. Jørgensen
[EMAIL PROTECTED]
www.karl.jorgensen.com
==== Today's fortune:
What the scientists have in their briefcases is terrifying.
-- Nikita Khruschev
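
Added example (not part of the original message, and not smash's code): a sketch of the two ideas raised in the thread, a one-time password that cannot be replayed and a fixed list of permitted commands. It uses a Lamport hash chain in the style of S/Key with SHA-256 swapped in; the names ALLOWED, chain and Verifier, the request keywords and the init-script path are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical allowlist: request keyword -> fixed argv. Text from the mail
# is only ever used as a lookup key, never passed to a shell.
ALLOWED = {
    "start-sshd": ["/etc/init.d/ssh", "start"],
    "stop-sshd": ["/etc/init.d/ssh", "stop"],
}

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(secret: bytes, n: int) -> bytes:
    """Return h applied n times to secret (link n of the hash chain)."""
    value = secret
    for _ in range(n):
        value = h(value)
    return value

class Verifier:
    """Server side: stores only the last accepted link, never the secret."""

    def __init__(self, anchor: bytes):
        self.last = anchor  # chain(secret, N), installed once out of band

    def authorize(self, otp_hex: str, command: str):
        """Return the argv to run, or None if the request is rejected."""
        if command not in ALLOWED:
            return None
        try:
            otp = bytes.fromhex(otp_hex.strip())
        except ValueError:
            return None
        # A valid OTP is the preimage of the stored link: h(otp) == last.
        if not hmac.compare_digest(h(otp), self.last):
            return None
        # Consume it. A real deployment must persist this before running
        # anything, or a crash would leave the same OTP replayable.
        self.last = otp
        return ALLOWED[command]

if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # lives only on the PDA
    server = Verifier(chain(secret, 100))
    otp = chain(secret, 99).hex()
    print(server.authorize(otp, "start-sshd"))   # first use of this OTP
    print(server.authorize(otp, "start-sshd"))   # same OTP sent again
```

The OTP in this sketch is not bound to the command it accompanies, so the allowlist is what limits what any accepted mail can do.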

