NX Security (was [FreeNX-kNX] Re: got: "cannot create directory `/home/.nx'")

Kurt Pfeifle k1pfeifle at gmx.net
Tue Oct 19 23:51:41 UTC 2004


On Wednesday 20 October 2004 01:21, freenx at mikebell.org wrote:

> Ahh, I may have been misinformed,

It was *you* yourself who misinformed you.

> but I believe 

It is otiose to discuss what you *believe*.

I have a suggestion: how about you actually start running an NX server
somewhere? Start *seeing* instead of believing, start *experiencing*
instead of speculating? 

You can easily probe which user the nxagent and various other processes 
run as. You can investigate the /proc filesystem. You can become root 
and do a "su -c nx" to see what the "restricted shell" the nx user gets 
exactly looks like. You can start to try and break it. You can find
out valuable things...

> I read that things like  
> nxagent run as user nx, in order to enable the various management
> functions. 

OK. Now "read" this:

  kurt at p151172204:~> ps aux | grep nxagent | awk '{print $1}'
  danimo
  berlinux
  kurt
  kurt
  kurt
  lauri
  fabian
  tschwall

And then start your own real-life investigation of NX, outside the 
realm of speculation, please.

> If that's the case then the nx user has complete access to 
> the memory space of all those processes. Or he could change the path to
> execute his own versions of various binaries. Or use chsh to change the
> login shell. Or modify ~/.ssh/authorized_keys. Or any number of other
> tricks.

Yes: he could even deplete my bank account (hadn't I myself depleted it
long ago). He could, .....*IF* <bla> <bla> ....

> Some or all of these may not work, before you punch holes in 
> them, my point is simply that shell access as the NX user cannot simply
> be dismissed as harmless.

This last time I ask you now: please look at this "shell" yourself, 
which is what "nx" gets upon login. It likely is not a "shell" like 
you may imagine or what you expect....

Maybe the output of this command gives you an idea:

  kurt at 151172204:~> grep nx /etc/passwd
  nx:x:1003:100::/usr/NX/home/nx:/usr/NX/bin/nxserver

Now the 10.- $US gold question: what is the name of the "shell" the 
user "nx" gets as his login "shell"?
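
The two checks described in the message above (which users own the nxagent processes, and which program the nx account is handed at login), as an added example that is not part of the original post. The nx passwd line is the one quoted above; the other passwd lines, the /etc/shells contents, the process list and all function names are constructed for illustration, and treating "not listed in /etc/shells" as "forced program" is an assumption of this sketch.

```shell
#!/bin/sh
# Constructed sample data; only the nx line is taken from the post.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
kurt:x:1000:100::/home/kurt:/bin/bash
nx:x:1003:100::/usr/NX/home/nx:/usr/NX/bin/nxserver'
SHELLS_SAMPLE='/bin/sh
/bin/bash'
# Constructed lines in "ps aux" column order (USER PID ... COMMAND).
PS_SAMPLE='kurt 4101 0.0 0.1 1 1 ? S 10:00 0:00 /usr/NX/bin/nxagent -D :1001
lauri 4202 0.0 0.1 1 1 ? S 10:01 0:00 /usr/NX/bin/nxagent -D :1002
kurt 4303 0.0 0.1 1 1 ? S 10:02 0:00 /usr/NX/bin/nxagent -D :1003
nx 4404 0.0 0.1 1 1 ? S 10:03 0:00 /usr/NX/bin/nxserver'

# login_program USER: print field 7 (login program) of USER's passwd
# entry, reading passwd-format text on stdin.
login_program() {
    awk -F: -v u="$1" '$1 == u { print $7 }'
}

# classify_login USER PASSWD_TEXT SHELLS_TEXT: report whether the account
# gets a program listed as a login shell or some other program.
classify_login() {
    prog=$(printf '%s\n' "$2" | login_program "$1")
    [ -n "$prog" ] || { echo "no-such-user"; return 0; }
    if printf '%s\n' "$3" | grep -Fxq -- "$prog"; then
        echo "interactive-shell $prog"
    else
        echo "forced-program $prog"
    fi
}

# process_owners NAME: from ps-aux-style text on stdin, print the unique
# owners of processes whose command basename equals NAME, comma-separated.
process_owners() {
    awk -v n="$1" '{ k = split($11, p, "/"); if (p[k] == n) print $1 }' |
        sort -u | paste -sd, -
}

# Demo on the constructed samples. On a live host, pass the contents of
# /etc/passwd and /etc/shells, and pipe in the output of "ps aux".
classify_login nx "$PASSWD_SAMPLE" "$SHELLS_SAMPLE"
printf '%s\n' "$PS_SAMPLE" | process_owners nxagent
```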


