• Mystic BBS / Linux chroot jail

    From Raleigh Apple@1:220/50 to All on Sun Apr 16 21:39:21 2017
    Anyone ever set up Mystic in a chroot jail?

    --- Mystic BBS v1.12 A31 (Linux)
    * Origin: Leisure Time BBS (1:220/50)
  • From Paul Hayton@3:770/100 to Raleigh Apple on Mon Apr 17 16:46:31 2017
    On 04/16/17, Raleigh Apple pondered and said...

    Anyone ever set up Mystic in a chroot jail?

    I'm not aware of anyone but I'm not a big Linux user so others may wish to chime in. I expect it would work but there's only one way to find out :)

    If you are concerned about the likes of the Mystic servers running as root
    take a look at this note from the docs

    [snip]

    Mystic (MIS actually) has built in Telnet (with IO redirection for things
    like DOSEMU), SMTP, POP3, FTP, and NNTP servers.

    When running in Linux/OSX keep in mind that by default the
    operating system will not let a service bind to a port less than
    1025 unless it is a ROOT user (in Linux) and NOT AT ALL in OS/X.

    In Linux, MIS has the ability to switch from root back to whatever the user
    and group is that owns the executable AFTER it binds to the ports it needs
    for the server. So in Linux you can simply do a:

    sudo ./mis

    Or if you want to run it as a DAEMON you can do:

    sudo ./mis -d

    As mentioned, it will NOT run as root. It will only use root until it binds
    to your ports, and then it will switch to the user who owns the executable.

    NOW IN OS/X THIS TRICK DOES NOT SEEM TO WORK.

    Instead you have to load the Mystic Configuration and set your server ports
    greater than 1024. We will do TELNET for example here. Set your telnet
    server port to "2323" and exit the Mystic configuration.

    You can then create a rule to map connections that come in on port 23 to the
    2323 port that MIS is listening on, using the following command:

    sudo ipfw add 100 fwd 127.0.0.1,2323 tcp from any to any 23 in

    Once that is done you can start MIS using ./mis or ./mis -d


    NOTE that some people will want to use inetd or something similar to run their telnet, which Mystic is perfectly capable of. To do this, turn off the TELNET server in your configuration and refer to the section on external telnet.

    [snip]

    Hope that helps. :)

    Best, Paul

    --- Mystic BBS v1.12 A31 (Windows)
    * Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)
  • From Raleigh Apple@1:220/50 to Paul Hayton on Mon Apr 17 18:42:32 2017
    If you are concerned about the likes of the Mystic servers running as
    root take a look at this note from the docs

    [snip]

    It's not so much that I'm concerned about it running as root, it's not. I've always found it to be best practice to have any publicly available service running in a jail. That way if there ends up being an exploit that drops to shell, they don't have access to main filesystem.

    I've actually gotten the jail built and Mystic starts up and opens required ports but when client attempts to connect it responds then drops the connection. If I get it figured out, I will be glad to add a page to the wiki.



    NOTE that some people will want to use inetd or something similar to run their telnet, which Mystic is perfectly capable of. To do this, turn
    off the TELNET server in your configuration and refer to the section on external telnet.

    [snip]

    In regards to using external telnet, has anyone tried replacing telnet with ssh?


    Twitch

    --- Mystic BBS v1.12 A31 (Linux)
    * Origin: Leisure Time BBS (1:220/50)
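
The bind-then-drop sequence from the quoted docs, combined with the jail discussed above, as an added example (not Mystic's or MIS's own code). The names `bind_listener` and `drop_to`, the optional jail-directory argument and the `chroot()` step are assumptions for illustration; the docs only describe MIS binding its ports as root and then switching to the user and group that own the executable.

```c
#define _DEFAULT_SOURCE            /* setgroups(), chroot() on glibc */
#include <arpa/inet.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Listen on a TCP port; low ports need root on Linux. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) || listen(fd, 16)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up root for good. Order matters: supplementary groups, then gid,
 * then uid (after setuid() the process can no longer change its groups). */
int drop_to(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;      /* root-owned binary: refuse */
    if (geteuid() == 0 &&
        (setgroups(0, NULL) || setgid(gid) || setuid(uid))) return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) return -1;
    return setuid(0) == 0 ? -1 : 0;           /* regaining root must fail */
}

int main(int argc, char **argv) {
    struct stat st;                           /* owner of this executable */
    const char *jail = argc > 1 ? argv[1] : NULL;   /* hypothetical jail dir */
    if (stat("/proc/self/exe", &st)) return 1;
    int fd = bind_listener(23);               /* 1. bind while still root */
    if (fd < 0) { perror("bind"); return 1; }
    if (jail && (chroot(jail) || chdir("/"))) {     /* 2. enter the jail */
        perror("chroot");
        return 1;
    }
    if (drop_to(st.st_uid, st.st_gid)) {      /* 3. drop root, verified */
        fputs("privilege drop failed\n", stderr);
        return 1;
    }
    printf("listening on 23 as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    close(fd);
    return 0;
}
```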
  • From Paul Hayton@3:770/100 to Raleigh Apple on Tue Apr 18 15:00:09 2017

    On 04/17/17, Raleigh Apple pondered and said...

    In regards to using external telnet, has anyone tried replacing telnet with ssh?

    Yes, but you will want to run that using MIS2 as that is the 'under development' server that offers it :)

    Best, Paul

    --- Mystic BBS v1.12 A31 (Windows)
    * Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)
  • From audstanley@gmail.com@3:770/3 to All on Sat Jul 29 09:40:44 2017
    I've connected to some BBS's, and when you QUIT the BBS application, the connection is dropped. It would be nice to accomplish the same process vs. having the telnet connection drop back into bash. I assume I could just write a bashrc to launch mystic -l, but I'm not sure how to capture in shell if the user drops back into bash. hmmm.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Tony Langdon@3:633/410 to audstanley@gmail.com on Sun Jul 30 08:08:00 2017
    audstanley@gmail.com wrote to All <=-

    I've connected to some BBS's, and when you QUIT the BBS application,
    the connection is dropped. It would be nice to accomplish the same process vs. having the telnet connection drop back into bash. I assume
    I could just write a bashrc to launch mystic -l, but I'm not sure how
    to capture in shell if the user drops back into bash. hmmm.

    I'm a bit confused as to what exactly is happening here. As a user, if I connect to Mystic, the connection is dropped when I log off. BASH isn't involved, because Mystic handles telnet internally. Hence my confusion.


    ... All good things must come to an e
    --- MultiMail/Win32 v0.49
    * Origin: Freeway BBS - freeway.apana.org.au (3:633/410)