Ivan Popov ()
Fri, 6 Mar 1998 10:45:16 +0100 (MET)
> One (ORL?) has to decide from the start if VNC supposed to be secure
> or not. If yes, we should do a complete audit to find all the
> weaknesses and fix them. If not, we should make sure that using VNC
> with SSH, tcp_wrappers... is easy and secure.
It would be beneficial to separate different tasks.
vnc is very good at forwarding a session, but authentication and
encryption could be done by some "pluggable" modules. In that case the
modules can be easily adapted to any local security mechanism and/or
policy.
One simple interface that comes to mind is server using local fifo (and
e.g. its access modes?) to restrict client access (and external program
like ssh or even telnet ;-) making authentication and establishing the
channel)
Root always has an ability to steal a session (it is in memory, isn't
it, or anyway the X clients' sockets are under roots control)...
My 2c
-- Ivan Popov <> Systemman, Driftavdelningen, Matematiska institutionen, Chalmers TH
This archive was generated by on Wed Feb 03 1999 - 15:32:48 GMT