[Coco] Telnet to your CoCo.. and invite 6 of your friends

Aaron Wolfe aawolfe at gmail.com
Sun Nov 29 01:01:38 EST 2009


On Sun, Nov 29, 2009 at 12:14 AM, Tim Fadden <t.fadden at cox.net> wrote:
> Non-technical explanation from experience. tsmon watches the serial line for
> input.  It then calls the login program which prompts for user-name and
> password.  The password file is is in /dd/sys  It contains in this order:
> loginname,password,userid,priority,cmds_dir,home_dir,program_to_run  If the
> permissions are set properly, this file can only be read by root (userid 0),
>
>
> 1. User Name;  tim
> 2. Mypassword
> 3. 3  (Non-root userid)
> 4. 128  (any value between 1 and 255) how much cpu time he gets. 128 is
> equal time with other processes.
> 5. /dd/cmds   ( or some other cmds dir for more security)
> 6. /dd/usr/tim   my home directory set such that only myself userid 3 and
> root can access
> 7. shell               (This could just as well be some other program like a
> bbs front end. or the sculptor database "menu" program.
>
> IF some thought and work is put into setting directory and file permissions
> propperly os9 is more secure than any windows, very simalar to unix.
>
> In my case I use /t2 to connect to my system from its serial line. This is
> set up with the commands in my startup file :
>
> smode /t2 bau=6
> tsmon /t2&
>
> I then use the program "telnet BBs server" on a windows box that takes input
> from the internet, and connects to the coco serial port.  So that when I
> telnet to the with telnet from any box on the net I get a connection to the
> coco with:
>
> CoCo-OS9
>
> connecting...
>
> NitrOS-9/6809 Level 2 V3.2.8 on the Tandy Color Computer 3  2009/11/28
> 21:56:25
>
>
> User name?: tim
> Password:
>
> Word of note here.  the original os9 login program did not echo the password
> input. the current nitros09 login does, which is a security fault and should
> be corrected.  I am not a programmer, any takers?
>
> after I put in my password in this case a shell is opened.
>
> Process #04 logged on   2009/11/28 21:58:12
> Welcome!
>
>
>           Welcome
>             to
>
>     NitrOS-9  Level  2
>
>           for the
>
>      Color Computer 3
>
>
> Shell+ v2.2a 09/11/28 21:58:12
>
>
> This login can be as restrictive, or as open as you want it to be.  If the
> person logging in can only run cmds and see files and dirs than you allow
> them to, how would it be insecure?

If the user can write to the disk, they can create a file with a short
sequence of bytes that when executed would allow them to become any
other user.  Not sure if it is possible to set up a system where a
user could actually do anything without allowing them any write access
to any disk.  Maybe you could lock their executable directory down
somehow, and prevent writes there.

> Or, write your own bbs front end and start it!
>
>
>
> Permissions of cmds in the cmds dir can be set such that only specific cmds
> can be run by only user root, directories can be set such that only the dir
> owner can access the dirs and files owned by that specific user ID.
>
> I use this regularly to connect to my coco from work.
>
> Tim Fadden
>
>
>
>
>
> Wayne Campbell wrote:
>>
>> I am probably too ignorant to even touch on this topic, but it seems to me
>> it's a matter of permissions. Just like with Unix, OS-9 allows you to set
>> access permissions based on the attributes of the file/folder/program. In
>> order for a user to use a program, they have to have permission to access
>> the directory, and the file and/or program to use it.
>>
>> With this in mind, one can establish a userlevel that makes it possible to
>> prevent users with lower access levels from using or accessing things
>> requiring higher access levels. Is this not the case with OS-9?
>>
>> I seem to recall something about userlevel using tsmon. Again, I'm not
>> that educated in this field, so please forgive any implication of
>> understanding on my part.
>>
>> Wayne
>>
>>
>>
>>
>> ________________________________
>> From: Willard Goosey <goosey at virgo.sdc.org>
>> To: CoCoList for Color Computer Enthusiasts <coco at maltedmedia.com>
>> Sent: Sat, November 28, 2009 8:31:05 PM
>> Subject: Re: [Coco] Telnet to your CoCo.. and invite 6 of your friends
>>
>> On Sat, Nov 28, 2009 at 05:53:53PM -0500, Aaron Wolfe wrote:
>>
>>>
>>> "Security" in OS-9 seems to be mostly based on the honor system.
>>>
>>
>> Unfortunately.  I'd always been under the impression that while the
>> security wasn't complete, what was there worked properly. This doesn't
>> seem to be the case.
>>
>>
>>>
>>> The real limitation is that the Coco cannot protect
>>> memory as far as I can tell.
>>>
>>>
>>
>> Correct.  It's a hardware limitation of the MMU, not the operating
>> system's fault.
>>
>>
>>>
>>> I mostly guess people would use this feature to run a multiline BBS,
>>> which *should* have it's own security,
>>
>> Yeah, I never did the BBS thing, so I don't really understand it.
>> Without shell access, what's the point? ;-)  See, my first experience
>> with multi-user machines was UNIX.
>>
>>
>>>
>>> It would also be trivial to add a simple password check before
>>> allowing a connection to a port, if that would be useful.
>>>
>>
>> I believe there are replacement login programs with a real(-ish ;)
>> password program with them on RTSI.
>>
>> Willard
>>
>
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> http://five.pairlist.net/mailman/listinfo/coco
>



More information about the Coco mailing list