Bug#881626: busybox: enable telnetd

2022-01-17 Thread Diederik de Haas
On Tuesday, 18 January 2022 01:17:38 CET Jonathan Rubenstein wrote:
> Maybe this is an indication that busybox-static needs to be audited, or
> that all 3 configurations should be audited to make sure something isn't
> missing that has no reason to be.

IIUC, that is planned: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998803#25



Bug#881626: busybox: enable telnetd

2022-01-17 Thread Jonathan Rubenstein




> busybox-stable


Pardon me, I need to proofread.

I mean busybox-static.



Best Regards,
Jonathan Rubenstein



Bug#881626: busybox: enable telnetd

2022-01-17 Thread Jonathan Rubenstein



> We will not enable telnetd in any of the flavours of busybox that we currently
> package.


Respectfully, telnetd has been enabled for busybox-stable since 2010, so 
you can install busybox-stable.


Maybe this is an indication that busybox-stable needs to be audited, or 
that all 3 configurations should be audited to make sure something isn't 
missing that has no reason to be.


(I have a few in mind already, but they deserve their own bugs)



Best Regards,
Jonathan Rubenstein
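
An added example, not part of the thread or of the Debian packaging: one way to run the audit proposed above over several flavour configs, reporting listening-daemon options that are enabled or that differ between flavours. The flavour names, both config texts and the watch list are constructed for illustration; the option names are the ones in the patch on this page.

```python
import re

# Watch list: options named in the patch on this page (an assumption, extend as needed).
WATCHED = ("CONFIG_TELNETD", "CONFIG_FEATURE_TELNETD_STANDALONE",
           "CONFIG_FEATURE_TELNETD_INETD_WAIT", "CONFIG_TFTPD")
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kconfig(text):
    """Map option -> value; the '# X is not set' form is recorded as 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            opts[m.group(1)] = m.group(2)
        elif m := _UNSET.match(line):
            opts[m.group(1)] = "n"
    return opts

def audit(flavours, watched=WATCHED):
    """flavours: {name: config text}. Returns (enabled, inconsistent)."""
    parsed = {name: parse_kconfig(text) for name, text in flavours.items()}
    enabled, inconsistent = {}, []
    for opt in watched:
        # An option missing from a file is reported as 'absent', not assumed off.
        values = {name: cfg.get(opt, "absent") for name, cfg in parsed.items()}
        on = sorted(name for name, v in values.items() if v == "y")
        if on:
            enabled[opt] = on
        if len(set(values.values())) > 1:
            inconsistent.append(opt)
    return enabled, inconsistent

# Constructed sample configs (not the real Debian files).
_COMMON = ("CONFIG_TELNET=y\n{}\n# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set\n"
           "CONFIG_TFTP=y\n# CONFIG_TFTPD is not set\n")
SAMPLE = {
    "deb": _COMMON.format("# CONFIG_TELNETD is not set\n"
                          "# CONFIG_FEATURE_TELNETD_STANDALONE is not set"),
    "static": _COMMON.format("CONFIG_TELNETD=y\nCONFIG_FEATURE_TELNETD_STANDALONE=y"),
}

if __name__ == "__main__":
    enabled, inconsistent = audit(SAMPLE)
    for opt, names in enabled.items():
        print(f"{opt} enabled in: {', '.join(names)}")
    print("differs between flavours:", ", ".join(inconsistent) or "none")
```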



Bug#881626: busybox: enable telnetd

2019-07-21 Thread Chris Boot
On 07/04/2018 13:47, Luca Boccassi wrote:
> Dear Maintainers,
> 
> Any chance this patch could be looked at? 
> It would really help those of us in the networking world using Debian,
> and would make no difference for anybody else as there's no
> service/init script to start the daemon automatically.

Hi Luca,

It would be remiss of us to deliberately introduce support for a network
protocol that has no realistic prospect of secure operation. We will not
enable telnetd in any of the flavours of busybox that we currently package.

I would encourage you to build your own busybox packages if you need
this functionality, or to simply install one of the multiple available
standalone telnetd packages available in Debian.

That being said, a new flavour of busybox is under consideration that
enables all possible feature flags (within reason). Given the goal of
such a package, it would be entirely possible for telnetd to be included
in it. There is no timeline for the introduction of such a package and
every chance it might not happen, though.

Best regards,
Chris

-- 
Chris Boot
bo...@debian.org





Bug#881626: busybox: enable telnetd

2018-04-07 Thread Luca Boccassi
On Mon, 13 Nov 2017 17:16:26 + Luca Boccassi 
wrote:
> Package: busybox
> Version: 1.27.2-1
> Severity: wishlist
> Tags: patch
> 
> Dear Maintainers,
> 
> Please consider enabling telnetd in the busybox package. A tiny and
> trivial patch to set the config is attached inline. A rebuild with that
> change seems to work fine.
> 
> As much as I wish it wasn't the case, telnet is still widely used,
> especially in the ISP/telco world. Telcos networking engineers expect
> to be able to telnet into boxes in their network even today.
> 
> Having telnetd available without having to rebuild busybox would be
> extremely handy when using Debian (or derivatives) in small boxes (eg:
> arm64) inside a telecommunication provider's network.
> 
> Thanks!
> 
> -- 
> Kind regards,
> Luca Boccassi
> 
> 
> From b9a2c82b4120a698b6350c7550f5286008892f2c Mon Sep 17 00:00:00 2001
> From: Luca Boccassi 
> Date: Mon, 13 Nov 2017 17:05:12 +
> Subject: [PATCH] Enable telnetd
> 
> ---
>  debian/config/pkg/deb | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/debian/config/pkg/deb b/debian/config/pkg/deb
> index 290205d99..73428dc5b 100644
> --- a/debian/config/pkg/deb
> +++ b/debian/config/pkg/deb
> @@ -903,8 +903,8 @@ CONFIG_TELNET=y
>  CONFIG_FEATURE_TELNET_TTYPE=y
>  CONFIG_FEATURE_TELNET_AUTOLOGIN=y
>  CONFIG_FEATURE_TELNET_WIDTH=y
> -# CONFIG_TELNETD is not set
> -# CONFIG_FEATURE_TELNETD_STANDALONE is not set
> +CONFIG_TELNETD=y
> +CONFIG_FEATURE_TELNETD_STANDALONE=y
>  # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
>  CONFIG_TFTP=y
>  # CONFIG_TFTPD is not set
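Review bot: The diffstat lists only debian/config/pkg/deb, so the patch does not say whether the package's other flavour configs are meant to differ on CONFIG_TELNETD after this change. Name in the patch description which flavours are intended to carry the applet, and add a line to the package documentation that telnetd is built in but not started by default, since nothing in this hunk conveys that to an administrator.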
> -- 
> 2.11.0

Dear Maintainers,

Any chance this patch could be looked at? 
It would really help those of us in the networking world using Debian,
and would make no difference for anybody else as there's no
service/init script to start the daemon automatically.

Thanks!

-- 
Kind regards,
Luca Boccassi



Bug#881626: busybox: enable telnetd

2017-12-05 Thread Luca Boccassi
On Tue, 2017-11-14 at 14:30 -0500, Lennart Sorensen wrote:
> On Tue, Nov 14, 2017 at 06:59:41PM +, Holger Levsen wrote:
> > you are aware that this would only cause (these) people to switch
> > away
> > from Debian, but not from telnet?
> 
> I honestly believe they just haven't tried.  As long as you indulge
> them,
> they will keep training new people with bad habits.  It won't go away
> until you make it go away.  Sometimes you really do have to tell
> people no.

Sorry, but that's just not the case. Honestly, I tried, many others have
too, it's just not going to happen - either Debian provides it, or
they'll go somewhere else (or ask for the services to be based on a
different distro and so on).

> > also, I miss your removal requests for the telnetd and ftpd and
> > (countless) other packages.
> > 
> > to the original poster: what's wrong with installing telnetd? it's
> > only
> > 103kb in size...

Well for small systems for starters - most tools provided by busybox
are "just a few kb in size", but we still use it.

More importantly in my case, busybox telnetd is really standalone and
can do inetd work by itself, which is not the case for the standard
telnetd. So it's not just a matter of footprint, but lack of feature
too.

> Well at least in a separate package you don't accidentally get it
> just
> by installing busybox.

Even if you install it, it won't do anything unless you enable it via
an init script or by starting it manually. So there's no chance of
using it by mistake.

-- 
Kind regards,
Luca Boccassi



Bug#881626: busybox: enable telnetd

2017-11-14 Thread Lennart Sorensen
On Tue, Nov 14, 2017 at 06:59:41PM +, Holger Levsen wrote:
> you are aware that this would only cause (these) people to switch away
> from Debian, but not from telnet?

I honestly believe they just haven't tried.  As long as you indulge them,
they will keep training new people with bad habits.  It won't go away
until you make it go away.  Sometimes you really do have to tell
people no.

> also, I miss your removal requests for the telnetd and ftpd and
> (countless) other packages.
> 
> to the original poster: what's wrong with installing telnetd? it's only
> 103kb in size...

Well at least in a separate package you don't accidentally get it just
by installing busybox.

-- 
Len Sorensen



Bug#881626: busybox: enable telnetd

2017-11-14 Thread Luca Boccassi
On Tue, 2017-11-14 at 13:35 -0500, Lennart Sorensen wrote:
> On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote:
> > Package: busybox
> > Version: 1.27.2-1
> > Severity: wishlist
> > Tags: patch
> > 
> > Dear Maintainers,
> > 
> > Please consider enabling telnetd in the busybox package. A tiny and
> > trivial patch to set the config is attached inline. A rebuild with
> > that
> > change seems to work fine.
> > 
> > As much as I wish it wasn't the case, telnet is still widely used,
> > especially in the ISP/telco world. Telcos networking engineers
> > expect
> > to be able to telnet into boxes in their network even today.
> > 
> > Having telnetd available without having to rebuild busybox would be
> > extremely handy when using Debian (or derivatives) in small boxes
> > (eg:
> > arm64) inside a telecommunication provider's network.
> 
> Anything that makes it more work for you and hence gives more
> incentive
> for you to get the clueless people that want to keep using telnet to
> change is a good thing.  Allowing telnet access ought to be made as
> difficult as possible.
> 
> People have been saying to not use telnet for about 20 years now.
> They better have learned by now.

Again, I wish it could work like that. Sadly, it doesn't. More work for
me just means more work for me, nothing else. The people that want
telnet will keep using telnet, if not from Debian from a downstream
fork or from a different distro or worse from a proprietary vendor.

It's not that they haven't learned - it's just that they don't care.

-- 
Kind regards,
Luca Boccassi



Bug#881626: busybox: enable telnetd

2017-11-14 Thread Holger Levsen
On Tue, Nov 14, 2017 at 01:35:14PM -0500, Lennart Sorensen wrote:
> Anything that makes it more work for you and hence gives more incentive
> for you to get the clueless people that want to keep using telnet to
> change is a good thing.  Allowing telnet access ought to be made as
> difficult as possible.

LOL.

you are aware that this would only cause (these) people to switch away
from Debian, but not from telnet?

also, I miss your removal requests for the telnetd and ftpd and
(countless) other packages.

to the original poster: what's wrong with installing telnetd? it's only
103kb in size...


-- 
cheers,
Holger




Bug#881626: busybox: enable telnetd

2017-11-14 Thread Lennart Sorensen
On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote:
> Package: busybox
> Version: 1.27.2-1
> Severity: wishlist
> Tags: patch
> 
> Dear Maintainers,
> 
> Please consider enabling telnetd in the busybox package. A tiny and
> trivial patch to set the config is attached inline. A rebuild with that
> change seems to work fine.
> 
> As much as I wish it wasn't the case, telnet is still widely used,
> especially in the ISP/telco world. Telcos networking engineers expect
> to be able to telnet into boxes in their network even today.
> 
> Having telnetd available without having to rebuild busybox would be
> extremely handy when using Debian (or derivatives) in small boxes (eg:
> arm64) inside a telecommunication provider's network.

Anything that makes it more work for you and hence gives more incentive
for you to get the clueless people that want to keep using telnet to
change is a good thing.  Allowing telnet access ought to be made as
difficult as possible.

People have been saying to not use telnet for about 20 years now.
They better have learned by now.

-- 
Len Sorensen



Bug#881626: busybox: enable telnetd

2017-11-14 Thread Geert Stappers
On Tue, Nov 14, 2017 at 01:50:52PM +0100, Wouter Verhelst wrote:
> On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote:
> > 
> > Please consider enabling telnetd in the busybox package.
> > 
> > As much as I wish it wasn't the case, telnet is still widely used,
> > especially in the ISP/telco world. Telcos networking engineers expect
> > to be able to telnet into boxes in their network even today.
> 
> As much as I don't mind doing weird things in support of weird use
> cases, in this particular case I think that would be sending out the
> wrong message. We shouldn't do that, IMO, but rather encourage people to
> switch to SSH instead of telnet.

Busybox upstream does that in https://busybox.net/tinyutils.html
Which has a pointer to http://matt.ucc.asn.au/dropbear/

> It might make sense to add some documentation that explains why telnet
> isn't supported, however.

Text from the homepage of dropbear

  Dropbear SSH

  Dropbear is a relatively small SSH server and client. It runs on a
  variety of POSIX-based platforms. Dropbear is open source software,
  distributed under a MIT-style license. Dropbear is particularly useful
  for "embedded"-type Linux (or other Unix) systems, such as wireless
  routers.


That in other words:

  There is an alternative for telnetd

  There is NO need to keep sending clear text passwords ...



Regards
Geert Stappers
-- 
Live and let live



Bug#881626: busybox: enable telnetd

2017-11-14 Thread Luca Boccassi
On Tue, 2017-11-14 at 13:50 +0100, Wouter Verhelst wrote:
> On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote:
> > Package: busybox
> > Version: 1.27.2-1
> > Severity: wishlist
> > Tags: patch
> > 
> > Dear Maintainers,
> > 
> > Please consider enabling telnetd in the busybox package. A tiny and
> > trivial patch to set the config is attached inline. A rebuild with
> > that
> > change seems to work fine.
> > 
> > As much as I wish it wasn't the case, telnet is still widely used,
> > especially in the ISP/telco world. Telcos networking engineers
> > expect
> > to be able to telnet into boxes in their network even today.
> 
> As much as I don't mind doing weird things in support of weird use
> cases, in this particular case I think that would be sending out the
> wrong message. We shouldn't do that, IMO, but rather encourage people
> to
> switch to SSH instead of telnet.
> 
> It might make sense to add some documentation that explains why
> telnet
> isn't supported, however.

I wish that could happen, I swear. Having to support it is just...
"fun". :-(

We tried. Everybody knows it's bad, insecure, generally horrible and
all that. But at the very least until all the network operators trained
by a certain network hardware vendor will retire, demand for telnet is
not going away, sadly. I wish I could do anything to change that.

> As an aside, can you tell which telcos we are talking about?

Right now it's a North American provider with a three-character name
;-) But I've yet to find one telco that doesn't demand telnet,
unfortunately. They are not alone in that.

Thanks!

-- 
Kind regards,
Luca Boccassi



Bug#881626: busybox: enable telnetd

2017-11-14 Thread Wouter Verhelst
On Mon, Nov 13, 2017 at 05:16:26PM +, Luca Boccassi wrote:
> Package: busybox
> Version: 1.27.2-1
> Severity: wishlist
> Tags: patch
> 
> Dear Maintainers,
> 
> Please consider enabling telnetd in the busybox package. A tiny and
> trivial patch to set the config is attached inline. A rebuild with that
> change seems to work fine.
> 
> As much as I wish it wasn't the case, telnet is still widely used,
> especially in the ISP/telco world. Telcos networking engineers expect
> to be able to telnet into boxes in their network even today.

As much as I don't mind doing weird things in support of weird use
cases, in this particular case I think that would be sending out the
wrong message. We shouldn't do that, IMO, but rather encourage people to
switch to SSH instead of telnet.

It might make sense to add some documentation that explains why telnet
isn't supported, however.

As an aside, can you tell which telcos we are talking about?

-- 
Could you people please use IRC like normal people?!?

  -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008
 Hacklab



Bug#881626: busybox: enable telnetd

2017-11-13 Thread Luca Boccassi
Package: busybox
Version: 1.27.2-1
Severity: wishlist
Tags: patch

Dear Maintainers,

Please consider enabling telnetd in the busybox package. A tiny and
trivial patch to set the config is attached inline. A rebuild with that
change seems to work fine.

As much as I wish it wasn't the case, telnet is still widely used,
especially in the ISP/telco world. Telcos networking engineers expect
to be able to telnet into boxes in their network even today.

Having telnetd available without having to rebuild busybox would be
extremely handy when using Debian (or derivatives) in small boxes (eg:
arm64) inside a telecommunication provider's network.

Thanks!

-- 
Kind regards,
Luca Boccassi


From b9a2c82b4120a698b6350c7550f5286008892f2c Mon Sep 17 00:00:00 2001
From: Luca Boccassi 
Date: Mon, 13 Nov 2017 17:05:12 +
Subject: [PATCH] Enable telnetd

---
 debian/config/pkg/deb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/config/pkg/deb b/debian/config/pkg/deb
index 290205d99..73428dc5b 100644
--- a/debian/config/pkg/deb
+++ b/debian/config/pkg/deb
@@ -903,8 +903,8 @@ CONFIG_TELNET=y
 CONFIG_FEATURE_TELNET_TTYPE=y
 CONFIG_FEATURE_TELNET_AUTOLOGIN=y
 CONFIG_FEATURE_TELNET_WIDTH=y
-# CONFIG_TELNETD is not set
-# CONFIG_FEATURE_TELNETD_STANDALONE is not set
+CONFIG_TELNETD=y
+CONFIG_FEATURE_TELNETD_STANDALONE=y
 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
 CONFIG_TFTP=y
 # CONFIG_TFTPD is not set
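Review bot: The commit message is only the subject "Enable telnetd" with an empty body, while the two added lines, CONFIG_TELNETD=y and CONFIG_FEATURE_TELNETD_STANDALONE=y, turn on both the applet and its standalone mode. Put the rationale in the body, state that CONFIG_FEATURE_TELNETD_INETD_WAIT is deliberately left unset, and record that no init script or service is added, so the daemon only runs when someone starts it explicitly.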
-- 
2.11.0

