NX Security (was [FreeNX-kNX] Re: got: "cannot create directory `/home/.nx'")
Kurt Pfeifle
k1pfeifle at gmx.net
Tue Oct 19 22:48:21 UTC 2004
On Wednesday 20 October 2004 00:02, freenx at mikebell.org wrote:
> A compromise of freenx in this fashion would give you a local,
> restricted shell account. However in addition to being able to turn
> around and apply a local root exploit, you also have the quite useful
> capability to monitor all the cleartext passwords of people trying to
> log in using nx sessions, as well as all their keystrokes (and hence
> even more passwords), again without the need for a local root exploit.
A local root exploit applied to one of your machines -- and you are
screwed, no doubt about that. That is true for NX or non-NX machines.
But what make you think that you could "monitor cleartext passwords
of people trying to log in using nx sessions, as well as all their
keystrokes" even *without* the need for a root exploit, with just the
privilege of the nx user?
More information about the FreeNX-kNX
mailing list