[FreeNX-kNX] ANNOUNCE: FreeNX 0.2.5 released

Rick Stout zipsonic at gmail.com
Fri Oct 15 15:26:51 UTC 2004 

Rick Stout wrote:
> 
> Marcin Bukat wrote:
> 
>> Fabian Franz wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi,
>>>
>>> after a long break, I just released FreeNX 0.2.5.
>>>
>>> You can find the tarball at the usual location:
>>>
>>> http://debian.tu-bs.de/knoppix/nx/
>>>
>>> Change to CVS will be done soon. I'm just waiting for my access data 
>>> for FreeDesktop.org. (I sent my ssh-key just today, so it'll take a 
>>> while of course)
>>>
>>> Also a big thanks goes to Rick Stout, who not only seems to make 
>>> really great Fedora packages, but also has contributed very valuable 
>>> patches.
>>>
>>> I'm afraid that the change from nxserver to a config file did not 
>>> take place today, because I ran out of time. But it is planned for 
>>> 0.2.6, I just have to re-think _how_ I want to do it.
>>>
>>> Enjoy the ChangeLog:
>>>
>>> 14.10.2004 FreeNX 0.2.5
>>>        * Added Xdialog interface for nxclient and automatic usage
>>>          of commercial nxclient when available. (Thx go to Rick Stout
>>>          <zipsonic at gmail.com>)
>>>        * Added bugfix from the 0.3.0 branch for more flexible 
>>> nxdesktop in
>>>          nxnode.
>>>        * Added patch by Rick Stout for permission problems in nxnode.
>>>        * Added patch by Rick Stout for a typo in nxkeygen.
>>>        * Updated gentoo-nomachine.diff.
>>>        * Updated CONTRIB to include a description of lazy-image 
>>> encoding.
>>>
>>> Again I wanted to request:
>>>
>>> If anyone is able to program in C/C++ and has some spare time, please 
>>> take a look at the CONTRIB file and the tasks outlined in there.
>>>
>>> Good news is also (at least for me ;) ) that I succeeded in my math 
>>> exam, which was part of my long break.
>>>  
>>>
>> There seems to be bug in fake nxclient from this package. At line 11 
>> it checks for Nomachine's nxclient in /usr/NX/bin directory and run it 
>> if pressent. Imagine what will happen if someone  puts 'fake' client 
>> in this location.
>>
>> regards
>> Marcin Bukat
> 
> 
> The same thing that would happen if someone put a fake bash, fake su, 
> fake <insert program here>. The nomachine nxclient file gets installed 
> as root:root 755, meaning that unless you have root access, you cant 
> change the file. And if an unwanted person has root access, that file 
> being changed is the least of your worries.
> 
> Regards,
> Rick Stout
> 
Wait, nevermind. I get it. I read your post wrong. The gentoo 
installation puts their 'fake' client their. So it would be an endless 
loop. How about checking for a binary file at that location?

Again, sorry about that. Its morning here, and the caffeine just kicked 
in. :)

Rick
>> _______________________________________________
>> FreeNX-kNX mailing list
>> FreeNX-kNX at kde.org
>> https://mail.kde.org/mailman/listinfo/freenx-knx
>>
>>
>>
>

More information about the FreeNX-kNX mailing list