Ostiary
Udhay Shankar N
udhay at pobox.com
Tue Aug 2 08:26:57 EDT 2005
Sounds interesting. Has anybody used this, and are there any comments?
Udhay
http://ingles.homeunix.org/software/ost/
Tools like ssh and lsh are great for allowing secure remote access to your
system. They offer essentially full, flexible remote control of a machine,
in an encrypted and authenticated manner. But they are complex pieces of
software; there's no way to do what they do without being complex. And with
complexity comes bugs. Tools like ssh and lsh, and VPNs like CIPE, PPTP,
and more have all had serious flaws that would allow an attacker to get
full control over your system.
If you leave such programs running all the time, you take the risk that
someone is going to use an exploit on you before you have a chance to apply
a patch. For some purposes, this is an acceptable - even necessary -
tradeoff, but it would be nice to enable them only when actually needed, to
minimize the risk. And for other purposes, ssh et al. are overkill.
Perhaps you only really need to remotely initiate a limited set of
operations. In this case, you don't need a shell prompt, just a way to
securely kick off scripts from elsewhere.
Enter 'Ostiary'. It is designed to allow you to run a fixed set of commands
remotely, without giving everyone else access to the same commands. It is
designed to do exactly and only what is necessary for this, and no more.
The only argument given to the command is the IP address of the client, and
only if the authentication is successful. The following are the key design
goals:
* "First, do no harm." It should not be possible to use the Ostiary
system itself to damage the host it's running on. In particular, it's
willing to accept false negatives (denying access to legitimate users) in
order to prevent false positives (allowing access to invalid users).
* Insofar as possible, eliminate any possibility of bugs causing
undesired operations. Buffer overflows, timing attacks, etc. should be
impossible for an external attacker to execute. There's no point in
installing security software if it makes you less secure.
* Be extremely modest in memory and CPU requirements. I want to be able
to fire off commands on my webserver (running on a Mac SE/30, a 16MHz 68030
machine) from my Palm Pilot (a 16MHz 68000 machine). Things like ssh
already take 30 seconds or more to start up - I can't afford anything too
fancy.
* Keep things simple. I'm no crypto expert; I know I'm not capable of
coming up with an ssh replacement. So I need to keep things so utterly
simple that I can be sure I'm not missing anything important.
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com