[Coco] Telnet to your CoCo.. and invite 6 of your friends
Tim Fadden
t.fadden at cox.net
Sun Nov 29 00:14:49 EST 2009
Non-technical explanation from experience. tsmon watches the serial line
for input. It then calls the login program which prompts for user-name
and password. The password file is is in /dd/sys It contains in this
order:
loginname,password,userid,priority,cmds_dir,home_dir,program_to_run If
the permissions are set properly, this file can only be read by root
(userid 0),
1. User Name; tim
2. Mypassword
3. 3 (Non-root userid)
4. 128 (any value between 1 and 255) how much cpu time he gets. 128 is
equal time with other processes.
5. /dd/cmds ( or some other cmds dir for more security)
6. /dd/usr/tim my home directory set such that only myself userid 3
and root can access
7. shell (This could just as well be some other program
like a bbs front end. or the sculptor database "menu" program.
IF some thought and work is put into setting directory and file
permissions propperly os9 is more secure than any windows, very simalar
to unix.
In my case I use /t2 to connect to my system from its serial line. This
is set up with the commands in my startup file :
smode /t2 bau=6
tsmon /t2&
I then use the program "telnet BBs server" on a windows box that takes
input from the internet, and connects to the coco serial port. So that
when I telnet to the with telnet from any box on the net I get a
connection to the coco with:
CoCo-OS9
connecting...
NitrOS-9/6809 Level 2 V3.2.8 on the Tandy Color Computer 3 2009/11/28
21:56:25
User name?: tim
Password:
Word of note here. the original os9 login program did not echo the
password input. the current nitros09 login does, which is a security
fault and should be corrected. I am not a programmer, any takers?
after I put in my password in this case a shell is opened.
Process #04 logged on 2009/11/28 21:58:12
Welcome!
Welcome
to
NitrOS-9 Level 2
for the
Color Computer 3
Shell+ v2.2a 09/11/28 21:58:12
This login can be as restrictive, or as open as you want it to be. If
the person logging in can only run cmds and see files and dirs than you
allow them to, how would it be insecure?
Or, write your own bbs front end and start it!
Permissions of cmds in the cmds dir can be set such that only specific
cmds can be run by only user root, directories can be set such that only
the dir owner can access the dirs and files owned by that specific user ID.
I use this regularly to connect to my coco from work.
Tim Fadden
Wayne Campbell wrote:
> I am probably too ignorant to even touch on this topic, but it seems to me it's a matter of permissions. Just like with Unix, OS-9 allows you to set access permissions based on the attributes of the file/folder/program. In order for a user to use a program, they have to have permission to access the directory, and the file and/or program to use it.
>
> With this in mind, one can establish a userlevel that makes it possible to prevent users with lower access levels from using or accessing things requiring higher access levels. Is this not the case with OS-9?
>
> I seem to recall something about userlevel using tsmon. Again, I'm not that educated in this field, so please forgive any implication of understanding on my part.
>
> Wayne
>
>
>
>
> ________________________________
> From: Willard Goosey <goosey at virgo.sdc.org>
> To: CoCoList for Color Computer Enthusiasts <coco at maltedmedia.com>
> Sent: Sat, November 28, 2009 8:31:05 PM
> Subject: Re: [Coco] Telnet to your CoCo.. and invite 6 of your friends
>
> On Sat, Nov 28, 2009 at 05:53:53PM -0500, Aaron Wolfe wrote:
>
>> "Security" in OS-9 seems to be mostly based on the honor system.
>>
>
> Unfortunately. I'd always been under the impression that while the
> security wasn't complete, what was there worked properly. This doesn't
> seem to be the case.
>
>
>> The real limitation is that the Coco cannot protect
>> memory as far as I can tell.
>>
>>
> Correct. It's a hardware limitation of the MMU, not the operating
> system's fault.
>
>
>> I mostly guess people would use this feature to run a multiline BBS,
>> which *should* have it's own security,
>>
>
> Yeah, I never did the BBS thing, so I don't really understand it.
> Without shell access, what's the point? ;-) See, my first experience
> with multi-user machines was UNIX.
>
>
>> It would also be trivial to add a simple password check before
>> allowing a connection to a port, if that would be useful.
>>
>
> I believe there are replacement login programs with a real(-ish ;)
> password program with them on RTSI.
>
> Willard
>
More information about the Coco
mailing list