I think the "big" depends on context. What it *does* do is underscore the issues in the current security model of VNC as it is implemented on Windows.
I think if Rob can come up with a patch to make it accept a -nevershared it _will_ shut down a significant vulnerability in the current model. The prickly issue is how do you implement a *good* security model without either writing an entire user management system or a large chunk of code to access the system's security model? ----- Original Message ----- From: "Michael Ossmann" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday/2002 March 06 12.28 Subject: Re: WinVNC & -nevershared : On Tue, Mar 05, 2002 at 06:21:40PM -0700, Rob Kenyon wrote: : > : > I can honestly state that I actually read the docs before posting. : > Notice that "ConnectPriority" states: : : Sorry to be so hard on you; I just wanted to be certain. Thanks for the : great clarification. That's a pretty big issue, and something that I'm : adding to my list of VNC vulnerabilities. If you decide to fix it, I : suggest starting with the TightVNC code and submitting a patch to Const. : : -- : Mike Ossmann, Tarantella/UNIX Engineer/Instructor : Alternative Technology, Inc. http://www.alttech.com/ : --------------------------------------------------------------------- : To unsubscribe, mail [EMAIL PROTECTED] with the line: : 'unsubscribe vnc-list' in the message BODY : See also: http://www.uk.research.att.com/vnc/intouch.html : --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
