On 07/27/2010 05:22 AM, DRC wrote:
> On 7/26/10 6:54 PM, Antoine Martin wrote:
>> As someone said, you can bypass the restrictions by downloading other
>> Xvnc binaries for your platform of choice. (see rpmfind and others)
>> So the restriction is just an illusion of "security", and I worry that
On 7/26/10 6:54 PM, Antoine Martin wrote:
> As someone said, you can bypass the restrictions by downloading other
> Xvnc binaries for your platform of choice. (see rpmfind and others)
> So the restriction is just an illusion of "security", and I worry that
> people may start relying on it.
> Not
I believe he is referring to the ability of the user to upload and run a
binary that does not look at that config file. All pre-compiled and
ready for joe user to upload. This too could be prevented by locking
down filesystems with noexec mount options, iptables rules, and/or
selinux policies
On 07/26/2010 11:38 PM, DRC wrote:
> On 7/26/10 4:43 PM, Antoine Martin wrote:
>>> You're missing my point. What I'm trying to do is implement a mechanism
>>> whereby the SysAdmin can set global defaults for all TigerVNC server
>>> sessions on the system. Yes, there are always ways to hack arou
On 7/26/10 4:43 PM, Antoine Martin wrote:
>> You're missing my point. What I'm trying to do is implement a mechanism
>> whereby the SysAdmin can set global defaults for all TigerVNC server
>> sessions on the system. Yes, there are always ways to hack around this,
>> but the idea is to make it dif
On 07/23/2010 04:24 PM, DRC wrote:
> On 7/23/10 3:40 AM, Martin Koegler wrote:
>> On Thu, Jul 22, 2010 at 04:02:52PM -0500, DRC wrote:
>>> This makes the use of extended authentication types somewhat useless
>>> from the point of view of a SysAdmin, though. If there is not a way for
>>> them to
On 7/23/10 3:40 AM, Martin Koegler wrote:
> On Thu, Jul 22, 2010 at 04:02:52PM -0500, DRC wrote:
>> This makes the use of extended authentication types somewhat useless
>> from the point of view of a SysAdmin, though. If there is not a way for
>> them to enforce, or at least strongly encourage, th
On Thu, Jul 22, 2010 at 04:02:52PM -0500, DRC wrote:
> This makes the use of extended authentication types somewhat useless
> from the point of view of a SysAdmin, though. If there is not a way for
> them to enforce, or at least strongly encourage, the use of secure
> authentication on a system-wi
On 7/22/10 12:27 AM, Martin Koegler wrote:
>> -- A set of "allowed" security types can be configured for the VNC
>> server. It should be possible for a SysAdmin to specify this in a
>> central config file, which will take precedence over command line
>> options or per-user config files (thus, if a
>> As Xvnc can run as any user, I would like to stick to the normal user
>> unix default for such unprivileged programs: parameters take precedence
>> over config file.
>
> +1
+1
Anything else would be very confusing to the user.
Antoine
-
On Thu, Jul 22, 2010 at 07:27:28AM +0200, Martin Koegler wrote:
> On Wed, Jul 21, 2010 at 12:48:05PM -0500, DRC wrote:
> > On 7/21/10 3:16 AM, Adam Tkac wrote:
> > > This is a valid argument but I would like to see feedback from other
> > > TigerVNC developers to decide which types should be enable
On Wed, Jul 21, 2010 at 10:16:59AM +0200, Adam Tkac wrote:
> > | bool SSecurityFactoryTLS::isSecTypeSupported(rdr::U32 secType) {
> > | switch (secType) {
> > | #ifdef HAVE_GNUTLS
> > | case secTypePlain:
> > | case secTypeTLSNone:
> > | case secTypeTLSVnc:
> > | case secTypeTLSPlain:
> >
On Wed, Jul 21, 2010 at 12:48:05PM -0500, DRC wrote:
> On 7/21/10 3:16 AM, Adam Tkac wrote:
> > This is a valid argument but I would like to see feedback from other
> > TigerVNC developers to decide which types should be enabled by
> > default. I will open a separate thread for this.
>
> I am join
On 7/21/10 3:16 AM, Adam Tkac wrote:
> This is a valid argument but I would like to see feedback from other
> TigerVNC developers to decide which types should be enabled by
> default. I will open a separate thread for this.
I am joining into this discussion late, so I don't think I fully
understan
On Wed, Jul 21, 2010 at 12:04:42AM +0200, Martin Koegler wrote:
> On Tue, Jul 20, 2010 at 05:25:16PM +0200, Adam Tkac wrote:
>
> Thank you for your effort.
>
> > On Sat, Jul 17, 2010 at 04:47:22PM +0200, Martin Koegler wrote:
> > > 2-4 fixes the security type parameter in the vncviewer. The viewe
On Tue, Jul 20, 2010 at 05:25:16PM +0200, Adam Tkac wrote:
Thank you for your effort.
> On Sat, Jul 17, 2010 at 04:47:22PM +0200, Martin Koegler wrote:
> > 2-4 fixes the security type parameter in the vncviewer. The viewer has the
> > problem, that
> > the handshake phase in the viewer uses a ha
On Sat, Jul 17, 2010 at 04:47:22PM +0200, Martin Koegler wrote:
> This patchset contains various fixes/changes related to the security type
> handling.
Hello Martin,
I've reviewed & commited your patches, you can read my comments. Thank
you very much, they really cleaned up the VeNCrypt code.
>
On Sat, Jul 17, 2010 at 04:47:22PM +0200, Martin Koegler wrote:
> This patchset contains various fixes/changes related to the security type
> handling.
Thanks for your patchset, after quick look they seem fine and really useful
for me.
I will process & commit them this week, together with the X5
This patchset contains various fixes/changes related to the security type
handling.
1 removes a leftover declaration
2-4 fixes the security type parameter in the vncviewer. The viewer has the
problem, that
the handshake phase in the viewer uses a hardcoded list containing all security
types.
T
19 matches
Mail list logo