[CentOS] freenx
Maciej Żenczykowski
maze at cela.pl
Tue Jan 24 21:34:06 UTC 2006
> I'm lost... is there something I'm not seeing?
> Maybe this is partly due to being freenx and not the nomachine server. But
> frankly I still don't see why the NX server - which _DOES_ not require any
> special privileges can't run as the user you want to log in as. Does it
> require special privileges (which? what for?)
And indeed even if we need special privileges couldn't we have:
The client gets a servermachine/user/(password|privatekey) triple. Uses
"ssh user@servermachine /usr/bin/nxserver" to log in, passing either the
cleartext password (which ssh will encrypt) or the privatekey (via -i) -
thus getting an encrypted connection to the nxserver. The nxserver binary
could be setuid and/or setgid 'nx' thus granting it the necessary rights,
it could grab whatever special stuff nx is allowed to do and drop them or
fork to a child without them to allow the parent to clean up afterwards.
Again - no need for the current key mess. Do you feel safe having anybody
capable of ssh'ing into nx@yourmachine? You sure there are no bugs to
exploit in the nxserver 'shell' (not to mention potential DoS by opening
too many connections...)? Not to mention once logged in via ssh there are
potentially even more bugs in ssh which might be exploited (not saying
they are there but we've just dramatically increased the code lines in
which such a bug might be hidden - now it's not only in the authorization
code but in pretty much the entire sshd server...).
And:
The privatekey is _PUBLIC_ - it's available in the standard nomachine
client (if you're using the standard configuration). Furthermore - again
correct me if I'm wrong (I'm not an rsa/ssh expert and I may be way off
base here) - but if I know the privatekey of the client - can't I decode the
entire protocol stream by merely sniffing it? Are you sure I can't? Has
this been tested/analysed? Are you a security expert in ssh? Do you
believe nomachine has people who are good enough to make such a decision?
I haven't deeply analysed this - but it's not obvious to me in the first 5
minutes. I expect it can't be trivially compromised, but I do expect
security suffers. After spending 10 minutes thinking about this - in the
end I do think it is secure, but - what's the point of this entire mess?
Cheers,
MaZe.