Bug#881626: busybox: enable telnetd
On Tuesday, 18 January 2022 01:17:38 CET Jonathan Rubenstein wrote: > Maybe this is an indication that busybox-static needs to be audited, or > that all 3 configurations should be audited to make sure something isn't > missing that has no reason to be. IIUC, that is planned: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998803#25 signature.asc Description: This is a digitally signed message part.
Bug#881626: busybox: enable telnetd
busybox-stable Pardon me, I need to proofread. I mean busybox-static. Best Regards, Jonathan Rubenstein
Bug#881626: busybox: enable telnetd
We will not enable telnetd in any of the flavours of busybox that we currently package. Respectfully, telnetd has been enabled for busybox-stable since 2010, so you can install busybox-stable. Maybe this is an indication that busybox-stable needs to be audited, or that all 3 configurations should be audited to make sure something isn't missing that has no reason to be. (I have a few in mind already, but they deserve their own bugs) Best Regards, Jonathan Rubenstein
Bug#881626: busybox: enable telnetd
On 07/04/2018 13:47, Luca Boccassi wrote: > Dear Maintainers, > > Any chance this patch could be looked at? > It would really help those of us in the networking world using Debian, > and would make no difference for anybody else as there's no > service/init script to start the daemon automatically. Hi Luca, It would be remiss of us to deliberately introduce support for a network protocol that has no realistic prospect of secure operation. We will not enable telnetd in any of the flavours of busybox that we currently package. I would encourage you to build your own busybox packages if you need this functionality, or to simply install one of the multiple available standalone telnetd packages available in Debian. That being said, a new flavour of busybox is under consideration that enables all possible feature flags (within reason). Given the goal of such a package, it would be entirely possible for telnetd to be included in it. There is no timeline for the introduction of such a package and every chance it might not happen, though. Best regards, Chris -- Chris Boot bo...@debian.org signature.asc Description: OpenPGP digital signature
Bug#881626: busybox: enable telnetd
On Mon, 13 Nov 2017 17:16:26 + Luca Boccassi wrote: > Package: busybox > Version: 1.27.2-1 > Severity: wishlist > Tags: patch > > Dear Maintainers, > > Please consider enabling telnetd in the busybox package. A tiny and > trivial patch to set the config is attached inline. A rebuild with that > change seems to work fine. > > As much as I wish it wasn't the case, telnet is still widely used, > especially in the ISP/telco world. Telcos networking engineers expect > to be able to telnet into boxes in their network even today. > > Having telnetd available without having to rebuild busybox would be > extremely handy when using Debian (or derivatives) in small boxes (eg: > arm64) inside a telecommunication provider's network. > > Thanks! > > -- > Kind regards, > Luca Boccassi > > > From b9a2c82b4120a698b6350c7550f5286008892f2c Mon Sep 17 00:00:00 2001 > From: Luca Boccassi > Date: Mon, 13 Nov 2017 17:05:12 + > Subject: [PATCH] Enable telnetd > > --- > debian/config/pkg/deb | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/debian/config/pkg/deb b/debian/config/pkg/deb > index 290205d99..73428dc5b 100644 > --- a/debian/config/pkg/deb > +++ b/debian/config/pkg/deb > @@ -903,8 +903,8 @@ CONFIG_TELNET=y > CONFIG_FEATURE_TELNET_TTYPE=y > CONFIG_FEATURE_TELNET_AUTOLOGIN=y > CONFIG_FEATURE_TELNET_WIDTH=y > -# CONFIG_TELNETD is not set > -# CONFIG_FEATURE_TELNETD_STANDALONE is not set > +CONFIG_TELNETD=y > +CONFIG_FEATURE_TELNETD_STANDALONE=y > # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set > CONFIG_TFTP=y > # CONFIG_TFTPD is not set > -- > 2.11.0 Dear Maintainers, Any chance this patch could be looked at? It would really help those of us in the networking world using Debian, and would make no difference for anybody else as there's no service/init script to start the daemon automatically. Thanks! -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#881626: busybox: enable telnetd
On Tue, 2017-11-14 at 14:30 -0500, Lennart Sorensen wrote: > On Tue, Nov 14, 2017 at 06:59:41PM +, Holger Levsen wrote: > > you are aware that this would only cause (these) people to switch > > away > > from Debian, but not from telnet? > > I honestly believe they just haven't tried. As long as you indulge > them, > they will keep training new people with bad habits. It won't go away > until you make it go away. Sometimes you really do have to tell > people no. Sorry, but that's just not the case. Honestly, I tried, may others have too, it's just not going to happen - either Debian provides it, or they'll go somewhere else (or ask for the services to be based on a different distro and so on). > > also, I miss your removal requests for the telnetd and ftpd and > > (countless) other packages. > > > > to the original poster: what's wrong with installing telnetd? its > > only > > 103kb in size... Well for small systems for starters - most tools provided by busybox are "just a few kb in size", but we still use it. More importantly in my case, busybox telnetd is really standalone and can do inetd work by itself, which is not the case for the standard telnetd. So it's not just a matter of footprint, but lack of feature too. > Well at least in a separate package you don't accidentally get it > just > by installing busybox. Even if you install it, it won't do anything unless you enable it via an init script or by starting it manually. So there's no chance of using it by mistake. -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#881626: busybox: enable telnetd
On Tue, Nov 14, 2017 at 06:59:41PM +, Holger Levsen wrote: > you are aware that this would only cause (these) people to switch away > from Debian, but not from telnet? I honestly believe they just haven't tried. As long as you indulge them, they will keep training new people with bad habits. It won't go away until you make it go away. Sometimes you really do have to tell people no. > also, I miss your removal requests for the telnetd and ftpd and > (countless) other packages. > > to the original poster: what's wrong with installing telnetd? its only > 103kb in size... Well at least in a separate package you don't accidentally get it just by installing busybox. -- Len Sorensen
Bug#881626: busybox: enable telnetd
On Tue, Nov 14, 2017 at 01:35:14PM -0500, Lennart Sorensen wrote: > Anything that makes it more work for you and hence gives more incentive > for you to get the clueless people that want to keep using telnet to > change is a good thing. Allowing telnet access ought to be made as > difficult as possible. LOL. you are aware that this would only cause (these) people to switch away from Debian, but not from telnet? also, I miss your removal requests for the telnetd and ftpd and (countless) other packages. to the original poster: what's wrong with installing telnetd? its only 103kb in size... -- cheers, Holger signature.asc Description: PGP signature
Bug#881626: busybox: enable telnetd
On Tue, 2017-11-14 at 13:35 -0500, Lennart Sorensen wrote: > On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote: > > Package: busybox > > Version: 1.27.2-1 > > Severity: wishlist > > Tags: patch > > > > Dear Maintainers, > > > > Please consider enabling telnetd in the busybox package. A tiny and > > trivial patch to set the config is attached inline. A rebuild with > > that > > change seems to work fine. > > > > As much as I wish it wasn't the case, telnet is still widely used, > > especially in the ISP/telco world. Telcos networking engineers > > expect > > to be able to telnet into boxes in their network even today. > > > > Having telnetd available without having to rebuild busybox would be > > extremely handy when using Debian (or derivatives) in small boxes > > (eg: > > arm64) inside a telecommunication provider's network. > > Anything that makes it more work for you and hence gives more > incentive > for you to get the clueless people that want to keep using telnet to > change is a good thing. Allowing telnet access ought to be made as > difficult as possible. > > People have been saying to not use telnet for about 20 years now. > They better have learned by now. Again, I wish it could work like that. Sadly, it doesn't. More work for me just means more work for me, nothing else. The people that want telnet will keep using telnet, if not from Debian from a downstream fork or from a different distro or worse from a proprietary vendor. It's not that they haven't learned - it's just that they don't care. -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#881626: busybox: enable telnetd
On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote: > Package: busybox > Version: 1.27.2-1 > Severity: wishlist > Tags: patch > > Dear Maintainers, > > Please consider enabling telnetd in the busybox package. A tiny and > trivial patch to set the config is attached inline. A rebuild with that > change seems to work fine. > > As much as I wish it wasn't the case, telnet is still widely used, > especially in the ISP/telco world. Telcos networking engineers expect > to be able to telnet into boxes in their network even today. > > Having telnetd available without having to rebuild busybox would be > extremely handy when using Debian (or derivatives) in small boxes (eg: > arm64) inside a telecommunication provider's network. Anything that makes it more work for you and hence gives more incentive for you to get the clueless people that want to keep using telnet to change is a good thing. Allowing telnet access ought to be made as difficult as possible. People have been saying to not use telnet for about 20 years now. They better have learned by now. -- Len Sorensen
Bug#881626: busybox: enable telnetd
On Tue, Nov 14, 2017 at 01:50:52PM +0100, Wouter Verhelst wrote: > On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote: > > > > Please consider enabling telnetd in the busybox package. > > > > As much as I wish it wasn't the case, telnet is still widely used, > > especially in the ISP/telco world. Telcos networking engineers expect > > to be able to telnet into boxes in their network even today. > > As much as I don't mind doing weird things in support of weird use > cases, in this particular case I think that would be sending out the > wrong message. We shouldn't do that, IMO, but rather encourage people to > switch to SSH instead of telnet. Busybox upstream does that in https://busybox.net/tinyutils.html Which has a pointer to http://matt.ucc.asn.au/dropbear/ > It might make sense to add some documentation that explains why telnet > isn't supported, however. Text from the homepage of dropbear Dropbear SSH Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers. That in other words: There is an alternative for telnetd There is NO need to keep sending clear text passwords ... Groeten Geert Stappers -- Leven en laten leven
Bug#881626: busybox: enable telnetd
On Tue, 2017-11-14 at 13:50 +0100, Wouter Verhelst wrote: > On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote: > > Package: busybox > > Version: 1.27.2-1 > > Severity: wishlist > > Tags: patch > > > > Dear Maintainers, > > > > Please consider enabling telnetd in the busybox package. A tiny and > > trivial patch to set the config is attached inline. A rebuild with > > that > > change seems to work fine. > > > > As much as I wish it wasn't the case, telnet is still widely used, > > especially in the ISP/telco world. Telcos networking engineers > > expect > > to be able to telnet into boxes in their network even today. > > As much as I don't mind doing weird things in support of weird use > cases, in this particular case I think that would be sending out the > wrong message. We shouldn't do that, IMO, but rather encourage people > to > switch to SSH instead of telnet. > > It might make sense to add some documentation that explains why > telnet > isn't supported, however. I wish that could happen, I swear. Having to support it is just... "fun". :-( We tried. Everybody knows it's bad, insecure, generally horrible and all that. But at the very least until all the network operators trained by a certain network hardware vendor will retire demand for telnet is not going away, sadly. I wish I could do anything to change that. > As an aside, can you tell which telco's we are talking about? Right now it's an North American provider with a three characters name ;-) But I've yet to find one telco that doesn't demand telnet, unfortunately. They are not alone in that. Thanks! -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#881626: busybox: enable telnetd
On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote: > Package: busybox > Version: 1.27.2-1 > Severity: wishlist > Tags: patch > > Dear Maintainers, > > Please consider enabling telnetd in the busybox package. A tiny and > trivial patch to set the config is attached inline. A rebuild with that > change seems to work fine. > > As much as I wish it wasn't the case, telnet is still widely used, > especially in the ISP/telco world. Telcos networking engineers expect > to be able to telnet into boxes in their network even today. As much as I don't mind doing weird things in support of weird use cases, in this particular case I think that would be sending out the wrong message. We shouldn't do that, IMO, but rather encourage people to switch to SSH instead of telnet. It might make sense to add some documentation that explains why telnet isn't supported, however. As an aside, can you tell which telco's we are talking about? -- Could you people please use IRC like normal people?!? -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008 Hacklab
Bug#881626: busybox: enable telnetd
Package: busybox Version: 1.27.2-1 Severity: wishlist Tags: patch Dear Maintainers, Please consider enabling telnetd in the busybox package. A tiny and trivial patch to set the config is attached inline. A rebuild with that change seems to work fine. As much as I wish it wasn't the case, telnet is still widely used, especially in the ISP/telco world. Telcos networking engineers expect to be able to telnet into boxes in their network even today. Having telnetd available without having to rebuild busybox would be extremely handy when using Debian (or derivatives) in small boxes (eg: arm64) inside a telecommunication provider's network. Thanks! -- Kind regards, Luca Boccassi From b9a2c82b4120a698b6350c7550f5286008892f2c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Mon, 13 Nov 2017 17:05:12 + Subject: [PATCH] Enable telnetd --- debian/config/pkg/deb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/config/pkg/deb b/debian/config/pkg/deb index 290205d99..73428dc5b 100644 --- a/debian/config/pkg/deb +++ b/debian/config/pkg/deb @@ -903,8 +903,8 @@ CONFIG_TELNET=y CONFIG_FEATURE_TELNET_TTYPE=y CONFIG_FEATURE_TELNET_AUTOLOGIN=y CONFIG_FEATURE_TELNET_WIDTH=y -# CONFIG_TELNETD is not set -# CONFIG_FEATURE_TELNETD_STANDALONE is not set +CONFIG_TELNETD=y +CONFIG_FEATURE_TELNETD_STANDALONE=y # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set CONFIG_TFTP=y # CONFIG_TFTPD is not set -- 2.11.0 signature.asc Description: This is a digitally signed message part