Re: [Ltsp-discuss] Securing X on terminals

2006-12-24 Thread David Kennel
With the NX client set up as described on the wiki and a user logged in, an Nmap scan on the clients shows ports 6000 and 6001 open. 6001 requires authorized access but 6000 does not. I'm not sure if it's exploitable like this, but it shows up on our vulnerability scans. David Kennel On

Re: [Ltsp-discuss] Securing X on terminals

2006-12-21 Thread David Kennel
I used the instructions located on the LTSP wiki to install the NX client into the root for the LTSP clients and add the appropriate screen script to start the NX client on boot. That portion of the setup is relatively straightforward and appears to be working beautifully. The

Re: [Ltsp-discuss] Securing X on terminals

2006-12-21 Thread Todd Shoemaker
David- By default the X server should not allow unauthorized access without the magic cookie. In other words, another user on another terminal logged into the same server can't just export DISPLAY=my_terminal:0.0 and run an application on my terminal. If I ran xhost +server they could, but

Re: [Ltsp-discuss] Securing X on terminals

2006-12-20 Thread Todd Shoemaker
David Kennel wrote: I am piloting an LTSP based solution. Due to our security requirements I have had to tweak the configuration quite a bit to harden the system. I have moved the clients to encrypted connections based on FreeNX but the clients are still opening their X11 servers to dog +

[Ltsp-discuss] Securing X on terminals

2006-12-18 Thread David Kennel
I am piloting an LTSP based solution. Due to our security requirements I have had to tweak the configuration quite a bit to harden the system. I have moved the clients to encrypted connections based on FreeNX but the clients are still opening their X11 servers to dog + world. Does anyone