Anyone ever setup Mystic in chroot jail?

--- Mystic BBS v1.12 A31 (Linux)
* Origin: Leisure Time BBS (1:220/50)

On 04/16/17, Raleigh Apple pondered and said...

Anyone ever setup Mystic in chroot jail?

I'm not aware of anyone but I'm not a big Linux user so others may wish to chime in. I expect it would work but there's only one way to find out :)

If you are concerned about the likes of the Mystic servers running as root
take a look at this note from the docs

[snip]

Mystic (MIS actually) has built in Telnet (with IO redirection for things
like DOSEMU), SMTP, POP3, FTP, and NNTP servers.

When running in Linux/OSX keep in mind that by default the
operating system will not let a service bind to a port less than
1025 unless it is a ROOT user (in Linux) and NOT AT ALL in OS/X.

In Linux, MIS has the ability to switch from root back to whatever the user
and group is that owns the executable AFTER it binds to the ports it needs
for the server. So in Linux you can simply do a:

sudo ./mis

Or if you want to run it as a DAEMON you can do:

sudo ./mis -d

As mentioned, it will NOT run as root. It will only use root until it binds
to your ports, and then it will switch to the user who owns the executable.

NOW IN OS/X THIS TRICK DOES NOT SEEM TO WORK.

Instead you have to load the Mystic Configuration and set your server ports
greater than 1024. We will do TELNET for example here. Set your telnet
server port to "2323" and exit the Mystic configuration.

You can then create a rule to map connections that come in on port 23 to the
2323 port that MIS is listening on, using the following command:

sudo ipfw add 100 fwd 127.0.0.1,2323 tcp from any to any 23 in

Once that is done you can start MIS using ./mis or ./mis -d


NOTE that some people will want to use inetd or something similar to run their telnet, which Mystic is perfectly capable of. To do this, turn off the TELNET server in your configuration and refer to the section on external telnet.

[snip]

Hope that helps. :)

Best, Paul

--- Mystic BBS v1.12 A31 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)

If you are concerned about the likes of the Mystic servers running as
root take a look at this note from the docs

[snip]

It's not so much that I'm concerned about it running as root, it's not. I've always found it to be best practice to have any publicly available service running in a jail. That way if there ends up being an exploit that drops to shell, they don't have access to main filesystem.

I've actually gotten the jail built and Mystic starts up and opens required ports but when client attempts to connect it responds then drops the connection. If I get it figured out, I will be glad to add a page to the
wiki.

NOTE that some people will want to use inetd or something similar to run their telnet, which Mystic is perfectly capable of. To do this, turn
off the TELNET server in your configuration and refer to the section on external telnet.

[snip]

In regards to using external telnet, has anyone tried replacing telnet with ssh?


Twitch

--- Mystic BBS v1.12 A31 (Linux)
* Origin: Leisure Time BBS (1:220/50)

On 04/17/17, Raleigh Apple pondered and said...

In regards to using external telnet, has anyone tried replacing telnet with ssh?

Yes, but you will want to run that using MIS2 as that is the 'under development' server that offers it :)

Best, Paul

--- Mystic BBS v1.12 A31 (Windows)
* Origin: Agency BBS | telnet://agency.bbs.geek.nz (3:770/100)

I've connected to some BBS's, and when you QUIT the BBS application, the connection is dropped. It would be nice to accomplish the same process vs. having the telnet connection drop back into bash. I assume I could just write a bashrc to launch mystic -
l, but I'm not sure how to capture in shell if ther user drops back into bash. hmmm.

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

audstanley@gmail.com wrote to All <=-

I've connected to some BBS's, and when you QUIT the BBS application,
the connection is dropped. It would be nice to accomplish the same process vs. having the telnet connection drop back into bash. I assume
I could just write a bashrc to launch mystic -
l, but I'm not sure how to capture in shell if ther user drops back
into bash. hmmm.

I'm a bit confused as to what exactly is happening here. As a user, if I connect to Mystic, the connection is dropped when I log off. BASH isn't involved, because Mystic handles telnet internally. Hence my confusion.


... All good things must come to an e
--- MultiMail/Win32 v0.49
* Origin: Freeway BBS - freeway.apana.org.au (3:633/410)