Yes there is indeed a chance of exploiting holes in codecs etc...
but how's that any bigger issue than it is for EVERY user in the world
that views video on their desktop anyway? This is certainly not a
bigger concern on a netbooted stateless thin client than it would be on
your average desktop setup, now is it?
Sure... a transcoder can be thrown into "the mix" but that kind of goes
against the basic core idea of being gentle with the server side
resources.
But who is to say the transcoder would not be the actual target for
attack..?
Security issues with codecs tend to get fixed just as security holes in
SSH related stuff tend to be taken care of...
Quite frankly I would be just as concerned about security holes in the
nxproxying and pulse audio... (and I seem to remember some very real and
very serious cupsd issues some time ago...)
Just simply always get the latest security updates for the stuff you're
running....
In use cases with need for extreme security, you would probably not want
to be trusting your "graphical firewall" client software either, to be
running on your sensitive hardware.
If you're in possession of something that someone with resources really
wants... and you're targeted... you're targeted... and your "graphical
firewall" could turn into their entry point... be it X2Go, RDP, Citrix
or VNC or whatever else...
Anyway, do not worry! You will not be forced to run Telekinesis or
mTelePlayer... it will be a separate package you would need to
explicitly install.
-GZNGET
On 03/19/2014 08:47 AM, Stefan Baur wrote:
On 19.03.2014 08:21, GZ Nianguan E.T. wrote:
As for client side requiring support for the media format...
The alternative is to turn everything into a "known" format on the server
side...(transcoding?) which just takes too much server resources...
and introduces a bunch of other issues... In a Linux thin client
environment distributing new codecs or update to existing codecs is not
a big deal.. As for clients running as an application on traditional
desktops, we may integrate some form of codec distribution system.
There is a security tradeoff here, though:
For the average Joe, who just wants to play videos and doesn't care
about security, your solution will work just fine, but if you're using
X2Go as a "graphic firewall", where only images and sounds are passed to
the client, you cannot use Telekinesis, since you're running an
unchanged audio/video stream - and there have been exploits that work by
passing a specially crafted image file/audio/video stream. So all of a
sudden you're executing malicious code on your client. Transcoding into
a known format would lower the chance of that happening (because the
attacker would have to craft his file/stream in a way that it does its
nasty deed *after* being transcoded), but it would not eliminate it
entirely.
-Stefan