Re: pthreads, C and guacamole [Was: Reduce attack surface - Tomcat and guacamole...]

2020-04-26 Thread Steve Williams
Hi Nick, Thanks very much for at validating my thought processes. I have managed to get guacamole compiled using a contemporary version of FreeRDP (with the pthread_mutexattr_setpshare commented out). It runs perfectly using ssh connections.  The RDP sessions which I am interested in are qui

Re: pthreads, C and guacamole [Was: Reduce attack surface - Tomcat and guacamole...]

2020-04-25 Thread Nick Permyakov
Hi Steve, You're talking about https://github.com/apache/guacamole-server/blob/master/src/libguac/pool.c , I presume? In that case you're right unless - the malloc and pthread_* functions are redefined to mean something weird, or - the physical page containing malloc'ed pool is later made shared b

pthreads, C and guacamole [Was: Reduce attack surface - Tomcat and guacamole...]

2020-04-17 Thread Steve Williams
Hi, I am looking into guacamole's use of pthread_mutexattr_setpshare. (An aside: if I comment out the 4 lines of code invoking pthread_mutexattr_setpshare, it compiles with gcc on OpenBSD 6.6 (GENERIC.MP).) I am an experienced C programmer, but I've never looked into threading in C before so

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-15 Thread Stuart Henderson
On 2020-04-14, Steve Williams wrote: > Guacamole (I believe) needs to run under something like tomcat to serve > up the java war file & application. I looked at this before - it also requires guacamole-server to be built (written in C), it requires mutexes shared between different processes (pth

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-15 Thread Sriram Narayanan
On Wed, 15 Apr 2020 at 11:56 AM, Steve Williams < st...@williamsitconsulting.com> wrote: > > > On 14/04/2020 4:13 p.m., Sriram Narayanan wrote: > > > > On Wed, 15 Apr 2020 at 6:03 AM, Steve Williams < > st...@williamsitconsulting.com> wrote: > >> Hi, >> >> For a R&D project, I am trying to get gua

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-15 Thread Robert Degen
Hi, if I understand right, think about putting an apache or nginx webserver in front, let it terminate the SSL connection including some authentication, for example client certificates or at least http basic auth. Then, as you said, let the tomcat/jboss/whatever servlet container bind against lo

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread Steve Williams
On 14/04/2020 4:13 p.m., Sriram Narayanan wrote: On Wed, 15 Apr 2020 at 6:03 AM, Steve Williams > wrote: Hi, For a R&D project, I am trying to get guacamole working to be able to access systems on my home network remotely. Guacamole

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread infoomatic
Some questions do arise: 1.) Is the device which you intend to use under your control? 2.) How would you like to access systems in your home network? As for me, I have a VPN service on my server so I can access all my systems from a device I own when I am on the road. This saves me from installin

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread Sriram Narayanan
On Wed, 15 Apr 2020 at 6:03 AM, Steve Williams < st...@williamsitconsulting.com> wrote: > Hi, > > For a R&D project, I am trying to get guacamole working to be able to > access systems on my home network remotely. > > Guacamole (I believe) needs to run under something like tomcat to serve > up the

Re: Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread Allan Streib
If you want it available only to remote hosts with an ssh session, why not tunnel the tomcat port over the ssh connection? Steve Williams writes: > Hi, > > For a R&D project, I am trying to get guacamole working to be able to > access systems on my home network remotely. > > Guacamole (I believ

Reduce attack surface - Tomcat and guacamole...

2020-04-14 Thread Steve Williams
Hi, For a R&D project, I am trying to get guacamole working to be able to access systems on my home network remotely. Guacamole (I believe) needs to run under something like tomcat to serve up the java war file & application. I really don't want to have Tomcat exposed to the Internet withou