Brian, Brian Cameron ??: > > Henry: > >> .gkrellm2/plugins is for gkrellm client, it is used for gkrellm >> running to show the status of the local machine. >> The ~/.gkrellm2/plugins-gkrellmd/ is used to store server plugins for >> user, so user can add some his own plugins, and then run gkrellm >> client remotely to get the relative information. > > If I trick a user into installing a plugin which allows them to monitor > my keyboard strokes, could such information be sent to the remote > client? Yes, it's possible.
> > What, if anything, can a system administrator do to prevent such attacks > from being possible. Can the system administrator turn off the feature > which allows users plugins to be functional? Is this feature off or on > by default? By default, gkrellmd server will load and run all plugins, but we can change some codes to make it not load all plugins under ~/.gkrellm2/plugins-gkrellmd/, only load the plugins installed by sysadmins.. > > Brian
