Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I know my answer, but I would like some feedback. RHEL 5/6: if you were locking down a system really well and you use SSH v2 only for sysadmin access, would you leave the telnet client installed?
One argument I got for leaving the telnet client installed was that it's used as a diag tool to check if a TCP listener is there on other systems. I gaffed, but it's currently an argument. The same person also believes having the ftp client installed (and the telnet client) poses no risk at all.
These clients are only a security risk for the machine that you connect to, not for the machine that you run them on.
Telnetting or ftp-ing into a remote server via the web and passing usernames and passwords in the clear is asking for problems.
And of course if someone downloads malware using ftp and runs it.
Why should I give a hacker tools to connect with or tools to download malware with? Also, these items may carry undocumented vulnerabilities. If not absolutely needed why should the system have them installed?
Any user could install it from scratch anyway – clients are only run under the user account. If you want to avoid execution of unauthorized applications, you need to allow only signed binaries. There is a document from IBM about it.
I have used telnet on several occasions to help troubleshoot a problem or test a new function or feature. While I suppose it is possible to install and remove the client every time I need or wish to perform this function, my concern about an intruder being able to capitalize on the availability of telnet on a system that they have just broken into is fairly low, and certainly much lower than their getting access in the first place. To me it becomes a matter of weighing the benefit to me versus the potential benefit to an intruder.
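The one diagnostic use the thread keeps coming back to, "is there a TCP listener on that host?", does not actually need the telnet client. The following is an added example (not code from the thread or from any poster) that does the same check with bash's built-in /dev/tcp pseudo-device and coreutils `timeout`, so the telnet package can be removed from a hardened RHEL box without losing the test; the host names, ports and timeout values are assumptions.

```shell
#!/bin/bash
# Added example: a telnet-free "is a TCP listener there?" check.
# Assumes bash (for /dev/tcp) and coreutils `timeout` are present.

# tcp_listener_open HOST PORT [TIMEOUT_SECONDS]
# Returns 0 if a TCP connection to HOST:PORT succeeds, non-zero if it is
# refused or times out, and 2 on bad arguments. Nothing is written to the
# socket, so, unlike an interactive telnet session, no credentials or
# other input ever leave this machine.
tcp_listener_open() {
    host=$1
    port=$2
    secs=${3:-3}
    case $port in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ -n "$host" ] || return 2
    # The connect runs in a child bash so `timeout` can kill it after $secs.
    # bash resolves /dev/tcp/HOST/PORT itself; no telnet or nc binary needed.
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
}

# check_ports HOST PORT...
# Prints one "host:port open|closed" line per port and returns the number
# of ports that were NOT listening (0 means every port answered).
check_ports() {
    host=$1
    shift
    closed=0
    for p in "$@"; do
        if tcp_listener_open "$host" "$p"; then
            printf '%s:%s open\n' "$host" "$p"
        else
            printf '%s:%s closed\n' "$host" "$p"
            closed=$((closed + 1))
        fi
    done
    return "$closed"
}

# Constructed usage: sshd normally answers on 22, nothing listens on 9.
# check_ports 127.0.0.1 22 9
```

Port 9 (discard) is used in the test only because nothing is expected to listen there on a default install.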
Why should I give a hacker tools to connect with or tools to download malware with? Also, these items may carry undocumented vulnerabilities. If not absolutely needed why should the system have them installed?
The hacker must first gain access. After that, any protection is basically useless. As long as you don't run ftp and telnet clients, they are no risk.
As Linux_Kidd said “Hacker” on his machine, it was not clear whether there are any users or hackers from the outside world on this machine.
If he is alone on the machine, any installed but not started application won’t affect the security at all.
Perhaps the idea of "not needed not there" concept has vanished from the world of security?
So what's your stance when there's a zero-day for the telnet client that allows UIDs to do things as uid=0??? Would you then say "Oh, only if it wasn't installed"???
If a non-suid application suddenly runs as uid=0, it's IMO either a kernel problem or an already faulty/tampered library/loader. So the deeper cause needs to be fixed, not the single client application (in fact, there may be many of them then).
I am not saying the binary becomes suid; I am saying the telnet binary has a binary flaw that allows privilege escalation. Hence, it was not run suid, it was run as UID >= 500, and now the hacker is doing bad things as euid=0.