[CentOS] freenx
Maciej Żenczykowski
maze at cela.pl
Tue Jan 24 21:57:32 UTC 2006
>> Do you feel safe having anybody
>> capable of ssh'ing into nx at yourmachine? You sure there are no bugs to
>> exploit in the nxserver 'shell'
>
> Wasn't this the same binary you just suggested making setuid - but now
> you don't trust it ??? Please comment again after reading the link I
> just posted.

Yes this was the same binary, but only real users could exploit the setuid
binary instead of anybody on earth in case of allowing anonymous logins to
nx at server. Furthermore, note that I stated that I don't see any need for
making the binary setuid, but it could be done if there was some drastic
need - not to mention the binary could drop these privileges before
reading any input.

I've read through the thread you provided and I'm not convinced. Indeed
it still seems like a bad design decision to me. Why isn't the normal ssh
authentication good enough for NX? And if there is some need for a
different authentication then it should still - also support normal ssh by
default for all the other cases - like mine - where it's not needed.

Cheers,
MaZe.
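
The "drop these privileges before reading any input" point in the message above, as an added example that is not part of the original post and is not FreeNX code. It assumes Linux/glibc semantics for `setreuid`/`setregid`; the function name `drop_privileges` is hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently give up set-id privileges.
 * Returns 0 on success, -1 if any step fails or cannot be verified. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we may no longer be allowed to. */
    if (setregid(rgid, rgid) != 0) return -1;
    /* Setting the real ID also resets the saved set-user-ID on Linux,
     * so the elevated ID cannot be restored later. */
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Never trust the return codes alone: read the IDs back. */
    if (getuid() != ruid || geteuid() != ruid) return -1;
    if (getgid() != rgid || getegid() != rgid) return -1;

    /* If we started elevated, switching back must now be refused.
     * (Skipped when the caller is root, who may assume any ID anyway.) */
    if (ruid != 0 && euid != ruid && seteuid(euid) == 0) return -1;
    return 0;
}

int main(void)
{
    char line[256];

    /* Privileged setup (opening a protected file, binding a port, ...)
     * would go here, before any untrusted byte is read. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "refusing to run: could not drop privileges\n");
        return EXIT_FAILURE;
    }

    /* Only now touch attacker-controlled input, with the caller's own IDs. */
    if (fgets(line, sizeof line, stdin) != NULL)
        printf("read %s", line);
    return EXIT_SUCCESS;
}
```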