[sf-lug] problem with callback on embedded linux box
jim stockford
jim at well.com
Mon Oct 23 08:48:49 PDT 2006
Here's what I think is an interesting problem. Someone
elsewhere asks:
--------------------------------------------------
Does anyone have experience with callback on Linux with mgetty?
I'm trying to get it working on a Cyclades console server box that has
embedded Linux. I can get the callback to work, but I want to turn off
direct dial in.
Currently the way it works is you have a user in
/etc/mgetty/login.config. If you call into the box and enter that name
(the default is cbuser) it will hang up and call you back at the number
associated with that user. That works fine.
The problem is if you enter any other user with a login in /etc/passwd,
like root, you are prompted for a password and you're logged in. Since
this box will sit on the customer's network, if someone gets in, they
can go anywhere, not to mention accessing the router/switches that this
box is connected to.
This is a major security issue and if a solution is not found by the
vendor or myself, I will have to start looking for a different console
server solution that will work.
Here's a description of how it works, but they don't address the dialin
issue.
http://astrolog.offline.ee/linux/callback.shtml
(for those that haven't seen my posts in MS Windows or Networking, I
inherited this project and they already had evaluation units from
Cyclades)
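
An added example, not part of the original post and not mgetty or Cyclades code: a small audit that reads a login.config and reports every entry that still hands a dial-in caller a password prompt, which is the path the post wants closed. The entry layout (username, userid, utmp_entry, login_program), the sample file contents, the callback program path and number, and the /bin/false catch-all are assumptions constructed for illustration.

```python
# Added example: audit an mgetty login.config for direct dial-in paths.
# Assumed entry layout: username  userid  utmp_entry  login_program [args]

# Constructed sample, not taken from a Cyclades unit. The callback
# program path and phone number are placeholders.
SAMPLE = """\
# callback-only user
cbuser  -  -  /usr/sbin/callback -S 5550100
# catch-all: every other name gets a normal password prompt
*       -  -  /bin/login @
"""

# Constructed variant: the catch-all runs a program that exits at once.
HARDENED = """\
cbuser  -  -  /usr/sbin/callback -S 5550100
*       -  -  /bin/false
"""

def entries(text):
    """Yield (lineno, username, program) for each non-comment entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Short lines are passed on with an empty program field.
        yield lineno, fields[0], fields[3] if len(fields) > 3 else ""

def audit(text):
    """Return (lineno, username, reason) for each direct-login path."""
    findings, has_catch_all = [], False
    for lineno, user, program in entries(text):
        has_catch_all = has_catch_all or user == "*"
        if not program:
            findings.append((lineno, user, "malformed entry"))
        elif program.rsplit("/", 1)[-1] == "login":
            findings.append((lineno, user, "password login on dial-in line"))
    if not has_catch_all:
        # Assumption: with no matching entry mgetty falls back to
        # /bin/login; confirm this on the vendor's build.
        findings.append((0, "*", "no catch-all entry"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A clean audit only covers the dial-in line; accounts in /etc/passwd remain reachable through any other login service the box runs.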