On 07/26/2010 11:38 PM, DRC wrote:
> On 7/26/10 4:43 PM, Antoine Martin wrote:
>>> You're missing my point. What I'm trying to do is implement a mechanism
>>> whereby the SysAdmin can set global defaults for all TigerVNC server
>>> sessions on the system. Yes, there are always ways to hack around this,
>>> but the idea is to make it difficult enough to hack around that most
>>> users won't bother. If a SysAdmin prefers that the insecure security
>>> types, such as VncAuth, not be exposed by default, then they should be
>>> able to at least make it difficult for a user to use those types.
>> I think the point was understood, but we are discussing the value of
>> having a "security" feature which is trivial to bypass and makes the use
>> of the command line options less intuitive. Personally I do not like
>> this type of "features"..
> You have still not explained how a hard-coded authentication
> configuration file that only root has write access to is "trivial" to
> bypass.

As someone said, you can bypass the restrictions by downloading other
Xvnc binaries for your platform of choice. (see rpmfind and others)
So the restriction is just an illusion of "security", and I worry that
people may start relying on it.
Not to mention that these "other" binaries might be much worse too.
If sysadmins really want to secure their system, then they are going to
have to do it properly. Not a bad thing IMO.

Cheers
Antoine

_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel