> When bob processes the packet, it spins up /usr/bin/tar -xpf - -C /var/local/backups, piping to it the data that had originally been piped to nncp-exec.
I was with them until seeing that nncp-exec accepts user-provided arguments[2], and that just smells like an escape waiting to happen. Since they drew parallels between that and the command= in authorized_keys[2], I looked it up and it doesn't appear that either command= or its ForceCommand sibling accepts user-provided arguments.
I presume its target audience is where both ends of the connection are "you" (or at least fully trusted).
1: https://www.complete.org/nncp-concepts/#remote-execution
2: https://manpages.ubuntu.com/manpages/noble/man8/sshd.8.html#...
For example, there is an `exec: /usr/bin/tar` command exposed for Alice, but not for Eve. For Eve there may be an `exec: /usr/local/bin/file-request-handler-for-untrusted-peers.sh` command available which adds the access control layer.
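A sketch of what such an access-control handler could look like, added here as an illustration; it is not code from the thread or from NNCP. It assumes the peer-supplied arguments reach the handler as positional parameters, and `EXPORT_DIR`, `validate_request` and `handle_request` are hypothetical names.

```shell
#!/bin/sh
# Hypothetical handler for an untrusted peer. Peer-supplied arguments are
# assumed to arrive as "$@"; only one plain file name is accepted.
# EXPORT_DIR is an assumed location, not something NNCP defines.
LC_ALL=C; export LC_ALL
EXPORT_DIR="${EXPORT_DIR:-/var/local/exports}"

# validate_request ARGS... -> prints the resolved path, returns 0 if allowed.
validate_request() {
    # Exactly one argument: extra arguments are where injected options hide.
    [ "$#" -eq 1 ] || return 1
    name=$1
    case $name in
        ''|-*|.*) return 1 ;;           # empty, option-like, dotfile or ".."
        *[!A-Za-z0-9._-]*) return 1 ;;  # outside the allowlist, including "/"
    esac
    path="$EXPORT_DIR/$name"
    # Must be a regular file, and not a symlink that points somewhere else.
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    printf '%s\n' "$path"
}

# handle_request ARGS... -> streams the requested file on stdout or refuses.
handle_request() {
    path=$(validate_request "$@") || { echo "request refused" >&2; return 1; }
    # "--" ends option parsing, so the name is never read as a flag.
    cat -- "$path"
}

# Serve the request only when the script is invoked with arguments.
if [ "$#" -gt 0 ]; then
    handle_request "$@"
fi
```

The validation rejects by default: anything that is not a single allowlisted name under `EXPORT_DIR` is refused before any command sees it.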
ForceCommand accepts user parameters except via environment variables.