Security Notice: I would like to notify everybody about a security issue that is created in the Fl_TeacherTool installation procedure.
A security vulnerability exists if you enabled Monitor/Control by following the instructions here: http://www3.telus.net/public/robark/Fl_TeacherTool/installationk12ltsp.html#monitor (instructions pasted below) -----snip------ Edit the file /opt/ltsp/i386/etc/lts.conf and uncomment (i.e. remove the "#"): X4_MODULE_02 = vnc Become root: su - Make a password for the vnc-session: /usr/bin/vncpasswd Copy the password file into the ltsp-tree: cp -a /root/.vnc /opt/ltsp/i386/root/ Log out of root session: exit Reboot your clients! -----snip------- Or (if you are running x11vnc on the client) If you start x11vnc in /opt/ltsp/i386/etc/rc.local with a line like x11vnc -display :6 -rfbauth /root/.vnc/passwd -forever -shared -loop & Please be aware that anyone with some Linux knowledge could potentially take control of, or monitor, a client computer. If you do not feel comfortable with this situation, especially if the teacher workstation is a client machine, then follow the simple work around patch below. ******Work Around / Patch:****** Notice: this will disable monitor/control and snapshots in Fl_Teachertool. Edit the file /opt/ltsp/i386/etc/lts.conf and *COMMENT* the vnc module line (i.e. INSERT a "#" at the beginning of the line): # X4_MODULE_02 = vnc OR (depending how you enabled the vnc server on the client) Delete the x11vnc line in /opt/ltsp/i386/etc/rc.local reboot the client machines. For good measure, delete your old vnc password files: rm /opt/ltsp/i386/root/.vnc/passwd rm /root/.vnc/passwd -- Robert Arkiletian Eric Hamber Secondary, Vancouver, Canada Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/ C++ GUI tutorial http://www3.telus.net/public/robark/ -- edubuntu-users mailing list edubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users