HP3000-L Archives

January 2000, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Emerson, Tom # El Monte" <[log in to unmask]>
Reply To: Emerson, Tom # El Monte
Date: Tue, 18 Jan 2000 20:16:24 -0500

This is a very "trusting" script -- consider what happens if a user signs on
from a "non-reflection" terminal...

> -----Original Message-----
> From: Paul H Christidis [mailto:[log in to unmask]]
>
> The attached command file ... transfers the specified file to
> the HP ... submits a batch job ... and then transfers the resulting
> file back to the PC.
>
> parm  userfile, delay=10
[snip to potential security pitfall...]
> continue
> echo !esc&oBSEND !userfile to !pc_host_file ascii delete
> input pc_link
> continue
> !pc_link
> input pc_result
> set echo=on


A user running on a "standard" terminal will see [potentially see, that is]
something like:

<<garbage>>SEND filename to hostfile ascii delete

with the cursor now waiting for input, namely, the "host file transfer
command" as configured in the user's copy of reflection.  Most users will
press <return> trying to regain the computer's attention, and nothing will
happen.  An astute "cracker", on the other hand, will notice this [and, if he
has knowledge of this particular menu file, could type "RUN CI.PUB.SYS" and
be presented with an interactive session/prompt for as long as he desires to
"bump around" in your system...]  (why? because whatever was taken as input
is being executed without any verification that it "really was" the "host file
transfer command")

Two easy ways to get around this:

   1) [least effective, but sufficient 99% of the time] place a "timeout" on
the "input pc_link" of, say, 1 second -- the PC should certainly respond
within this amount of time, but most "people" couldn't type fast enough
[caveat -- a cracker could "prepare" a response by pre-loading a function
key...]
   2) [more effective, but potentially error prone] -- explicitly check that
the "pc_link" command returned from the PC does indeed match one of the
following:

     RUN PCLINK.PUB.SYS
     RUN PCLINK2.PUB.SYS
     /SYS/PUB/PCLINK2

    as you can see, with more and more ways of "starting" the PC program,
more and more checks have to be done at this point [or simply "mandate" that
all users must have their PC set a certain way]

Note, of course, a user WITH reflection could still utilize this as a
security breach -- all they have to do is go into their own local settings
for reflection and change the "host transfer command" string to be "run
ci.pub.sys" [or main.pub.vesoft, or qedit.pub.robelle, or anything they darn
well please...]
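
A hardened version of the quoted tail of the command file, combining both of the suggestions above (a short WAIT on the INPUT and an explicit match against the three start-up commands). This is an added example and is not part of the original post or of Paul's command file. It assumes MPE/iX CI syntax for INPUT ;WAIT=, IF/ELSE/ENDIF with & line continuation, ESCAPE, and the chr()/ups()/ltrim()/rtrim() functions; the SETVAR lines for esc and pc_host_file are placeholders for the part of the original file that was snipped.

```mpe
PARM userfile, delay=10
# Added example: hardened tail of the transfer command file.  The PC's
# reply is executed only if it is one of the known PCLINK start-up
# commands; a missing or unexpected reply aborts the command file.
# Placeholders for variables the original file sets elsewhere (assumed):
SETVAR esc chr(27)
SETVAR pc_host_file "!userfile"
# Pre-set the reply variable so a timed-out INPUT leaves it empty rather
# than undefined.
SETVAR pc_link ""
CONTINUE
ECHO !esc&oBSEND !userfile to !pc_host_file ascii delete
# Suggestion 1: give the PC one second to answer.  A person at a plain
# terminal is unlikely to type a reply that fast.
CONTINUE
INPUT pc_link;WAIT=1
IF pc_link = "" THEN
   ECHO No reply from the PC file-transfer handler, aborting.
   ESCAPE
ENDIF
# Suggestion 2: normalise the reply (case, surrounding blanks) and accept
# only an exact match against the known start-up commands.  Anything
# else, e.g. "RUN CI.PUB.SYS" typed at the prompt or pre-loaded on a
# function key, is echoed but never executed.
SETVAR pc_link ups(rtrim(ltrim(pc_link)))
IF pc_link = "RUN PCLINK.PUB.SYS" OR &
   pc_link = "RUN PCLINK2.PUB.SYS" OR &
   pc_link = "/SYS/PUB/PCLINK2" THEN
   CONTINUE
   !pc_link
   INPUT pc_result
   SET ECHO=ON
ELSE
   ECHO Unexpected host transfer command "!pc_link", not executing it.
   ESCAPE
ENDIF
```

The uppercase comparison lets a user whose Reflection is configured with "run pclink.pub.sys" pass, while substring or wildcard matching is deliberately avoided so that, say, "RUN CI.PUB.SYS;INFO=..." cannot slip through. As the last paragraph of the post notes, the check does nothing against a Reflection user who edits their own host-transfer string, beyond forcing that string to be one of the three listed commands.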
