24 Jan
2006
24 Jan
'06
9:44 p.m.
On Tue, 2006-01-24 at 15:34, Maciej Żenczykowski wrote:
The nxserver binary could be setuid and/or setgid 'nx' thus granting it the necessary rights, it could grab whatever special stuff nx is allowed to do and drop them or fork to a child without them to allow the parent to clean up afterwards.
...
Do you feel safe having anybody capable of ssh'ing into nx@yourmachine? You sure there are no bugs to exploit in the nxserver 'shell'
Wasn't this the same binary you just suggested making setuid - but now you don't trust it ??? Please comment again after reading the link I just posted.
--
Les Mikesell
lesmikesell@gmail.com