freenx




>> Do you feel safe having anybody
>> capable of ssh'ing into nx@yourmachine?  You sure there are no bugs to
>> exploit in the nxserver 'shell'
>
> Wasn't this the same binary you just suggested making setuid - but now
> you don't trust it ???  Please comment again after reading the link I
> just posted.

Yes this was the same binary, but only real users could exploit the setuid 
binary instead of anybody on earth in case of allowing anonymous logins to 
nx@server.  Furthermore, note that I stated that I don't see any need for 
making the binary setuid, but it could be done if there was some drastic 
need - not to mention the binary could drop these privileges before 
reading any input.

I've read through the thread you provided and I'm not convinced.  Indeed 
it still seems like a bad design decision to me.  Why isn't the normal ssh 
authentication good enough for NX?  And if there is some need for a 
different authentication then it should still also support normal ssh by 
default for all the other cases - like mine - where it's not needed.

Cheers,
MaZe.
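
The privilege drop mentioned in the message above ("drop these privileges before reading any input"), as an added example that is not part of the original post and not FreeNX code: a setuid helper permanently discards its elevated ids and verifies the drop before it parses anything. The function name `drop_privileges_permanently` is hypothetical, and Linux/glibc `setresuid`/`setresgid` are assumed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared explicitly in case _GNU_SOURCE was not in effect when <unistd.h> was first included. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

/* Permanently drop setuid/setgid privileges to the invoking (real) user.
 * Returns 0 on success, -1 if any step fails or the drop cannot be verified. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped we may no longer be allowed to change gids. */
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    /* Real, effective AND saved uid: a leftover saved uid would let the process switch back. */
    if (setresuid(ruid, ruid, ruid) != 0) return -1;

    /* Never trust the return code alone: read the ids back and compare. */
    uid_t r, e, s;
    gid_t gr, ge, gs;
    if (getresuid(&r, &e, &s) != 0 || r != ruid || e != ruid || s != ruid) return -1;
    if (getresgid(&gr, &ge, &gs) != 0 || gr != rgid || ge != rgid || gs != rgid) return -1;

    /* If we held extra privilege, regaining it must now fail.
     * A root caller can always switch ids, so the check is skipped for ruid 0. */
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0) return -1;
    if (ruid != 0 && old_egid != rgid && setegid(old_egid) == 0) return -1;
    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        fputs("refusing to run: could not drop privileges\n", stderr);
        return EXIT_FAILURE;
    }
    char line[256];
    while (fgets(line, sizeof line, stdin))  /* untrusted input is parsed only after the drop */
        fputs(line, stdout);
    return EXIT_SUCCESS;
}
```

The process keeps the caller's supplementary groups, which is what a setuid program inherits anyway; a daemon started as root would additionally need `setgroups` before the gid change.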
