freenx




> I'm lost... is there something I'm not seeing?
> Maybe this is partly due to being freenx and not the nomachine server. But 
> frankly I still don't see why the NX server - which _DOES_ not require any 
> special privileges can't run as the user you want to log in as.  Does it 
> require special privileges (which? what for?)

And indeed even if we need special privileges couldn't we have:

The client gets a servermachine/user/(password|privatekey) triple. Uses 
"ssh user@servermachine /usr/bin/nxserver" to login, passing either the 
cleartext password (which ssh will encrypt) or the privatekey (via -i) - 
thus getting an encrypted connection to the nxserver.  The nxserver binary 
could be setuid and/or setgid 'nx' thus granting it the necessary rights, 
it could grab whatever special stuff nx is allowed to do and drop them or 
fork to a child without them to allow the parent to clean up afterwards.

Again - no need for the current key mess.  Do you feel safe having anybody 
capable of ssh'ing into nx@yourmachine?  You sure there are no bugs to 
exploit in the nxserver 'shell' (not to mention potential DoS by opening 
too many connections...)?  Not to mention once logged in via ssh there are 
potentially even more bugs in ssh which might be exploited (not saying 
they are there but we've just dramatically increased the code lines in 
which such a bug might be hidden - now it's not only in the authorization 
code but in pretty much the entire sshd server...).

And:

The privatekey is _PUBLIC_ - it's available in the standard nomachine 
client (if you're using the standard configuration).  Furthermore - again 
correct me if I'm wrong (I'm not an rsa/ssh expert and I may be way off 
base here) - but if I know the privatekey of the client - can't I decode the 
entire protocol stream by merely sniffing it?  Are you sure I can't?  Has 
this been tested/analysed?  Are you a security expert in ssh?  Do you 
believe nomachine has people who are good enough to make such a decision?
I haven't deeply analysed this - but it's not obvious to me in the first 5 
minutes.  I expect it can't be trivially compromised, but I do expect 
security suffers.  After spending 10 minutes thinking about this - in the 
end I do think it is secure, but - what's the point of this entire mess?

Cheers,
MaZe.
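
The setuid/setgid design proposed in the message above (acquire what the 'nx' identity allows, then give it up) looks like this as an added example; it is not part of the original post and not FreeNX or NoMachine code. The function names and the resource path are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-id rights. Returns 0 on success, -1 on failure. */
int drop_to_invoking_user(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: after the uid is dropped we may not be allowed to. */
    if (setregid(rgid, rgid) != 0) return -1;
    /* Passing a real uid to setreuid also resets the saved set-user-ID,
     * which a plain seteuid() would leave behind for later recovery. */
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Prove the drop is irreversible: regaining the old ids must fail.
     * Skipped for a root caller, who can switch ids regardless. */
    if (ruid != 0) {
        if (egid != rgid && setegid(egid) == 0) return -1;
        if (euid != ruid && seteuid(euid) == 0) return -1;
    }
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Open one resource with the elevated ids, then drop them for good.
 * Returns the open descriptor, or -1 if the open or the drop failed. */
int acquire_then_drop(const char *path)
{
    int fd = open(path, O_RDONLY);   /* still running with set-id rights */
    if (drop_to_invoking_user() != 0) {
        if (fd >= 0) close(fd);
        return -1;                   /* never continue half-privileged */
    }
    return fd;
}

int main(void)
{
    /* Hypothetical path, readable only by the 'nx' user or group. */
    int fd = acquire_then_drop("/var/lib/nx-example/session.db");
    printf("fd=%d uid=%d euid=%d\n", fd, (int)getuid(), (int)geteuid());
    return fd >= 0 ? 0 : 1;
}
```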
