Re: [Tigervnc-devel] [PATCH 00/13] SecurityType handling

2010-07-26 Antoine Martin
On 07/23/2010 04:24 PM, DRC wrote:
> On 7/23/10 3:40 AM, Martin Koegler wrote:
>> On Thu, Jul 22, 2010 at 04:02:52PM -0500, DRC wrote:
>>> This makes the use of extended authentication types somewhat useless
>>> from the point of view of a SysAdmin, though. If there is not a way for
>>> them to

Re: [Tigervnc-devel] [PATCH 00/13] SecurityType handling

2010-07-26 DRC
On 7/26/10 4:43 PM, Antoine Martin wrote:
>> You're missing my point. What I'm trying to do is implement a mechanism
>> whereby the SysAdmin can set global defaults for all TigerVNC server
>> sessions on the system. Yes, there are always ways to hack around this,
>> but the idea is to make it dif

Re: [Tigervnc-devel] [PATCH 00/13] SecurityType handling

2010-07-26 Antoine Martin
On 07/26/2010 11:38 PM, DRC wrote:
> On 7/26/10 4:43 PM, Antoine Martin wrote:
>>> You're missing my point. What I'm trying to do is implement a mechanism
>>> whereby the SysAdmin can set global defaults for all TigerVNC server
>>> sessions on the system. Yes, there are always ways to hack arou

Re: [Tigervnc-devel] [PATCH 00/13] SecurityType handling

2010-07-26 Robert Goley
I believe he is referring to the ability of the user to upload and run a binary that does not look at that config file. All pre-compiled and ready for joe user to upload. This too could be prevented by locking down filesystems with noexec mount options, iptables rules, and/or selinux policies

Re: [Tigervnc-devel] [PATCH 00/13] SecurityType handling

2010-07-26 DRC
On 7/26/10 6:54 PM, Antoine Martin wrote:
> As someone said, you can bypass the restrictions by downloading other
> Xvnc binaries for your platform of choice. (see rpmfind and others)
> So the restriction is just an illusion of "security", and I worry that
> people may start relying on it.
> Not