[3202] in Release_Engineering
Re: Jeff's inetd.conf/services addition
jis@ATHENA.MIT.EDU (jis@ATHENA.MIT.EDU)
Wed May 4 03:29:56 1994
The "gsh" service was discussed by and approved by the Athena
Computing Management Group (ACMG). The purpose of this facility is
to provide a mechanism (when necessary) to run an arbitrary program
on all public workstations remotely. Note: This is a "rsh" service
not a "login" service. The primary purpose is to be able to run an
integrity checker that can adapt to the "threat" environment. In
other words if we discover that someone is regularly editing
rc.local, then we can have the integrity checker fix it regularly.
There are certain other times when having access remotely to public
workstations is useful.
At the moment the inetd.conf entry is a dangling reference because
the gshd program is not finished (the one Ezra found is a quick
kludgy demonstration version). The final version, however, will work
similarly. The gdss signature (of a timestamp) will be sent to the
gshd. It will check an access control list to see if the signer is
permitted access and if so it will perform the requested command as
root. We already "trust" the gdss service for correct operation of
the on-line student information (read: grade) service.
Private workstation owners will have the option of disabling this
feature. Very few individuals will have access to this facility
(usually only after a demonstrated need). Use of the facility will
require management approval (possibly of JDB). Mis-use of this
facility will be considered a serious situation.
-Jeff
