
Re: service enablement via mail and otp?

On Thu, Aug 01, 2002 at 08:09:31AM +0900, sen_ml@eccosys.com wrote:
> Hi,
> From: "Karl E. Jorgensen" <karl@jorgensen.com>
> Subject: Re: service enablement via mail and otp?
> Date: Wed, 31 Jul 2002 13:47:16 +0100
> > On Wed, Jul 31, 2002 at 02:01:14PM +0200, Marcin Owsiany wrote:
> > > On Wed, Jul 31, 2002 at 01:37:30PM +0900, sen_ml@eccosys.com wrote:
> > > > Hi,
> > > > 
> > > > For some time, I've been toying w/ the idea of putting together
> > > > something that would allow me to trigger the starting/stopping of
> > > > various services [1] via a mail message containing some kind of OTP.
> > > 
> > > Recently I have seen someone posting a URL to his program which does
> > > something like that. It used GPG. 
> > > 
> > > I can't find the post, but I think you could find it looking for
> > > keywords like "mail" "execution" "remote" etc..
> > > 
> > > I guess it was this list, but I'm not sure.
> > 
> > That someone could have been me:
> >     http://www.karl.jorgensen.com/smash
> > 
> > Note: This is not production quality (yet). I use it myself on a couple
> >       of machines and find it useful. Testers and bugreports are
> >       welcome. Eyes on the source to find security weaknesses are in
> >       high demand. Read the man-page. Caveat Emptor.
> This could be nice...too nice for me perhaps (-;
> I've downloaded a copy and taken a quick look at the man page -- I
> didn't notice anything about mechanisms for dealing w/ replay attacks
> in the man page -- are there any?

No. I have to admit that I hadn't even thought about replay attacks :-(.

I'll have to see what methods others have employed to avoid them (or
think up a probably-less-secure method myself).

Thinking about it: this would definitely be a good thing to add to

At some point I did ask on this list for where to find QA resources and
got a couple of good answers. But unfortunately I haven't yet had time
to follow up on them.

> The reason I like the OTP design for my particular situation is that I
> don't want to carry around a PGP key [1] and I don't want to mess w/
> doing some kind of round-trip-challenge-response thing via mail to
> deal w/ potential replay attacks.

Hm... GPG *does* have a --symmetric option, which seems to not use keys
at all. Assuming that a suitable method for generating (and
keeping-in-sync) passphrases between your PDA and smash, do you think
that would be suitable for you? This probably implies storing/generating
acceptable passphrases locally (for smash) in clear-text...

[ Almost going off-topic for this list now...]

> I'm also more comfortable w/ only allowing limited command execution
> -- specifically, only starting a single-session-only sshd (perhaps
> stopping sshd too) -- so that worst case, someone can only start sshd
> on a machine I'm looking after.  Any plans for limiting the commands
> to be executed?

Not yet. But it should be reasonably simple to add extensions to check
the script immediately before execution. I'd prefer to implement such
extensions as separate scripts.  I like that idea. One more on my TODO

However, I *do* have plans to allow commands to be mime-decoded and
executed under a different user.  This is mostly to ringfence any bugs
in the mime decoding (which I suspect is not "strong" security-wise).
This would also help to protect ~/.gnupg/* and ~/.procmailrc.

> [1] I've got OTP calculators for my PDA which I'm fine w/ carrying.
>     Actually, what I don't want is to carry around a secret key and a
>     corresponding device to do the encryption/signing/decryption
>     (perhaps some day PDAs will do this comfortably).  I'm not about
>     to place a secret key of mine on someone else's machine...

Which OTP calculator (and PDA) do you use? I've got a PDA too, and this
might be handy for me too... [ This is probably OT for this list...]

Karl E. Jørgensen
==== Today's fortune:
What the scientists have in their briefcases is terrifying.
		-- Nikita Khruschev
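
The replay protection and command limiting discussed in this thread, sketched as an added example that is not part of the original mail and is not smash's code: an S/Key-style (Lamport) hash-chain OTP gate. SHA-256, the action names, the in-memory state and the `OtpGate` class are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical action names: the mail may only select one of these,
# it never carries a script or shell command to execute.
ALLOWED = {"start-sshd", "stop-sshd"}

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(seed: bytes, n: int) -> bytes:
    """Apply h() n times to the seed (what an OTP calculator computes)."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value

class OtpGate:
    """Server side. Stores only the last accepted chain value, never the seed.
    Assumption: state is kept in memory here; a real service must persist
    it atomically before acting on the request."""

    def __init__(self, last_accepted: bytes):
        self.last = last_accepted

    def handle(self, otp_hex: str, action: str) -> str:
        if action not in ALLOWED:
            return "rejected: action not allowed"
        try:
            otp = bytes.fromhex(otp_hex.strip())
        except ValueError:
            return "rejected: malformed otp"
        # A valid OTP is the preimage of the stored value.
        if not hmac.compare_digest(h(otp), self.last):
            return "rejected: bad or replayed otp"
        self.last = otp  # advance the chain: this OTP is now spent
        return "accepted: " + action

def demo():
    seed = b"constructed-demo-secret"        # constructed sample secret
    gate = OtpGate(chain(seed, 100))         # enrolment: server gets H^100
    first = chain(seed, 99).hex()
    return [
        gate.handle(first, "start-sshd"),                  # fresh OTP
        gate.handle(first, "start-sshd"),                  # same mail replayed
        gate.handle(chain(seed, 98).hex(), "reboot"),      # not on the list
        gate.handle(chain(seed, 98).hex(), "stop-sshd"),   # next OTP in chain
    ]
```

A request for a disallowed action is refused before the OTP is checked, so it does not consume the next chain value.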
