[Coco] Telnet to your CoCo.. and invite 6 of your friends

Aaron Wolfe aawolfe at gmail.com
Sat Nov 28 17:53:53 EST 2009


"Security" in OS-9 seems to be mostly based on the honor system.
There seem to be multiple ways to circumvent what few controls are in
place.  This is not a dig at the system, compared to other micro
operating systems and even some larger computers of the time, its
still very nice.   The real limitation is that the Coco cannot protect
memory as far as I can tell.

The subject of my previous message was mostly a joke, I doubt many of
us know 1, much less 6 people who would want to connect to our Cocos
:)  Still, your warning is appropriate for anyone who wants to put a
shell or something that provides direct access to the filesystem, etc
online.

We don't want to give some very confused script kiddie the honor of
being the first (?) OS-9 cracker.

I mostly guess people would use this feature to run a multiline BBS,
which *should* have it's own security, or to have several shells
running across a LAN to a local development machine, which is what
I've been using it for.  If anyone really wants to open up a shell to
the internet, it might be wiser to put the DriveWire server in PTY
mode and then use the security mechanisms of the server machine to
control access.

It would also be trivial to add a simple password check before
allowing a connection to a port, if that would be useful.

-Aaron


On Sat, Nov 28, 2009 at 5:17 PM, Willard Goosey <goosey at virgo.sdc.org> wrote:
> On Sat, Nov 28, 2009 at 07:53:42AM -0500, Aaron Wolfe wrote:
>> I've got the inbound TCP connection portion of my project completed.
>> You can now have up to 7 inbound connections to your CoCo using
>> telnet.
>
> Before you get to crazy with this you might want to play around with
> programs that use setuid().  I was thumbing through the Tandy LII docs
> a few days ago and noticed that, according to that infamously
> error-ridden book, F$SETID (or whatever exactly it's called) doesn't
> do any sort of security check, it just succeeds.  In other words, any
> user can change his user id to any other user.
>
> Or, the book could be wrong.  Again.
>
> Or, Boisy (or the earlier NitrOS people) might have done something to
> fix this.
>
> Willard
> --
> Willard Goosey  goosey at sdc.org
> Socorro, New Mexico, USA
> I search my heart and find Cimmeria, land of Darkness and the Night.
>  -- R.E. Howard
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> http://five.pairlist.net/mailman/listinfo/coco
>



More information about the Coco mailing list