[FreeNX-kNX] nxshell...

Marcus Schäfer ms at suse.de
Fri Jan 28 09:05:43 UTC 2005


Hi,

> However the main idea of the nxtunnel with ssh -X support was to completely 
> get rid of the ssh-Portforwarding as its not allowed everywhere _and_ you can 
> clatch ports.

yes I agree unfortunately I didn't know about another method to be
able to open a control port on the remote side if there is a firewall
or some sort of masquerading in between. If the firewall doesn't pass
the ports you are using we are lost and if the machine is masqueraded
we are losing the communication endpoint.

> Btw. How do you prevent a malicious user from getting the cookie on the 
> forwared port, before your script. There might be still a race condition.

yes you are right there may be a security issue as well. Hmm, the
listeners are started first so if there is a malicious user trying to
catch the cookie the nxshell will fail because of the fact that there
is already a process listening. No cookie is sent in this case but I
agree there may be a security issue which I didn't think about...

> I'll test it as soon as I can.

Fine :) Thanks

Regards
Marcus
-- 
 Public Key available
 ----------------------------------------------------
 Marcus Schäfer (Res. & Dev.)   SUSE LINUX GmbH
 Tel: 0911-740 53 0             Maxfeldstrasse 5
 FAX: 0911-741 77 55            D-90409 Nürnberg
 http://www.suse.de             Germany
 ----------------------------------------------------



More information about the FreeNX-kNX mailing list