Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


ntalkd | 7 comments | Create New Account
Click here to return to the 'ntalkd' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
ntalkd
Authored by: tsaar on Jul 17, '02 02:31:01AM

Talkd /Ntalkd supposedly has its security issues (but I would not know how serious these are)

The whole point of talk ofcourse is that you can talk to a remote user on a remote machine: talk mybuddy@mybuddyscomputer.net
No need to login to mybuddyscomputer.net. (for instance, when your buddy thinks giving you a shell account on his machine is a big risk ;) )
Also see finger (remember the .plan file?)

Many people have been trying to get _this_ normal, remote (as opposed to talking to users on your own machine) funcionality working also.
I'm not sure, but I believe there's a thread on Apple's own discussion forums about this. I seem to remember they weren't very succesfull.

Doei,
Maarten



[ Reply to This | # ]
ntalkd
Authored by: tsaar on Jul 17, '02 11:36:29AM
Check out this thread (macosx.com, is it allright if I link there?) for more details. doei.

[ Reply to This | # ]
ntalkd
Authored by: strider on Jul 17, '02 02:04:06PM

The remote aspect of ntalk does represent a security risk. However, if you only use it as the original poster suggested (ie only talk to people SSH'd into your local machine), just make sure that UDP 517 is allowed from 127.0.0.1 to 127.0.0.1 and not from the internet. You are running a firewall right? Someone would have to have have shell access to your box to exploit talk and at that point you have bigger problems than running talk :)



[ Reply to This | # ]
ntalkd
Authored by: jitjat on Jan 13, '03 09:15:01PM

I believe older versions of talkd didn't check for ;'s in domain names and used system commands. In theory, someone could talk to a machine and pass commands after the ;. Since talkd runs under root, damage could be done.

I don't know if the ntalkd that comes with OS X has fixed this problem but I am fairly certain that it was fixed in FreeBSD...



[ Reply to This | # ]