Do you feel safe having anybody capable of ssh'ing into nx@yourmachine? You sure there are no bugs to exploit in the nxserver 'shell'?
Wasn't this the same binary you just suggested making setuid - but now you don't trust it ??? Please comment again after reading the link I just posted.
Yes, this was the same binary, but only real users could exploit the setuid binary instead of anybody on earth in case of allowing anonymous logins to nx@server. Furthermore, note that I stated that I don't see any need for making the binary setuid, but it could be done if there was some drastic need - not to mention the binary could drop these privileges before reading any input.
I've read through the thread you provided and I'm not convinced. Indeed it still seems like a bad design decision to me. Why isn't the normal ssh authentication good enough for NX? And if there is some need for a different authentication, then it should still also support normal ssh by default for all the other cases - like mine - where it's not needed.
Cheers, MaZe.