[erlang-questions] 'ssh' security issue

OvermindDL1
Sat Dec 7 01:57:21 CET 2013


Greetings,

I am attempting to just create an SSH shell to connect to a system by
users so they can do commands without the web interface, and as such I
certainly do not want things like port forwarding or being able to run
arbitrary Erlang code, however I do not seem to be able to disable
running arbitrary Erlang code.  An example of the ssh_sample_cli
included with Erlang:
"""
$ erl
Erlang R16B02 (erts-5.10.3) [source] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V5.10.3  (abort with ^G)
1> c(ssh_sample_cli).
ssh_sample_cli.erl:146: Warning: this expression will fail with a 'badarith' exception
{ok,ssh_sample_cli}
2> B=ssh_sample_cli:listen(8323, [{subsystems, []}]).
{ok,<0.67.0>}
"""

And from another shell/computer:
"""
$ ssh -p 8321 to.the.host
's password:
Enter command
CLI> help
CLI Sample
crash                  crash the cli
exit                   exit application
factors    <int>       prime factors of <int>
gcd        <int> <int> greatest common divisor
help                   help text
host                   print host addr
lcm        <int> <int> least common multiplier
prime      <int>       check for primality
primes     <int>       print all primes up to <int>
rho        <int>       prime factors using rho's alg.
self                   print my pid
user                   print name of user

---> ok
CLI> exit
---> done
Connection to to.the.host closed.
"""

So far so good (the main program where I have this implemented has a
well running shell of its own), but let's try a couple other things:
"""
$ sftp -P 8321 to.the.host
's password:
subsystem request failed on channel 0
Connection closed
"""

Also good, no file transfers can be done since the option subsystem is
set to [], but notice:
"""
$ ssh -p 8323 to.the.host 'lists:reverse("!?ti pots I od woh dna ereh gnineppah si tahw woN").'
's password:
"Now what is happening here and how do I stop it?!"
"""

So... I can still run arbitrary Erlang commands, how do I stop this?
Unable to find an option to pass in or anything through a quick code
perusal to no avail.  Help?
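
Added example, not part of the original post and not OTP's own sample code: a daemon configuration that offers only a fixed-command shell and refuses the exec requests shown above. It assumes a newer OTP release whose ssh application documents `disabled` for the `exec` option and the `tcpip_tunnel_in`/`tcpip_tunnel_out` options (R16B02 does not); the module name, function names and `SystemDir` argument are hypothetical.

```erlang
%% Added example. Assumes an OTP release whose ssh application accepts
%% {exec, disabled} and the tcpip_tunnel_* daemon options.
-module(restricted_sshd).
-export([start/2]).

%% SystemDir must contain the daemon's host keys.
start(Port, SystemDir) ->
    {ok, _} = application:ensure_all_started(ssh),
    ssh:daemon(Port, [
        {system_dir, SystemDir},
        {subsystems, []},             % no sftp or other subsystems
        {exec, disabled},             % refuse "ssh host '<command>'" requests
        {tcpip_tunnel_in, false},     % port forwarding off
        {tcpip_tunnel_out, false},
        {shell, fun(User) -> spawn(fun() -> cli(User) end) end}
    ]).

%% Minimal shell: each input line is matched against a fixed command set
%% and is never handed to the Erlang evaluator.
cli(User) ->
    case io:get_line("CLI> ") of
        Line when is_list(Line); is_binary(Line) ->
            Cmd = unicode:characters_to_list(string:trim(Line)),
            case run(Cmd, User) of
                stop -> ok;
                continue -> cli(User)
            end;
        _EofOrError ->
            ok
    end.

run("exit", _User) -> io:format("done~n"), stop;
run("user", User)  -> io:format("~s~n", [User]), continue;
run("", _User)     -> continue;
run(Other, _User)  -> io:format("unknown command: ~s~n", [Other]), continue.
```

Repeating the `lists:reverse` request from the transcript against a daemon started this way is a quick check that exec is really refused rather than evaluated.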


