[FreeNX-kNX] access freenx server from a lts terminal

Cardon Denis denis.cardon at tranquilitsystems.com
Tue May 31 14:14:27 UTC 2005 

Hi Chris,

X protocol is a network protocol. When you display an application on
your X server (which is in your case your thin client), you first have
to authorize that specific application to display on your screen.
Otherwise, a malicious phisher could send you a firefox from his
computer on which he monitors all keystrokes. 

xhost + command authorizes any host to send applications on your X
display... so it is a security hazard.

I had already noticed that nxclient issue, but I still did get the time
to find the reason why it doesn't use the correct X credentials.

I don't think it is a very hard bug to correct, so NX gurus on this
could probably find the solution quite fast. (to show up that bug, you
just have to export the display of the nxclient on another unix station
and launch a nx session. setting up a full blow ltsp is hopefully not
necessary :-) 

Cheers,

Denis

Le mardi 31 mai 2005 à 15:26 +0200, Chris Fanning a écrit :
> ok Denis. it works. thankyou very much.
> 
> What sort of security risks do you think this implies?
> 
> Chris.
> 
> 
> On 5/31/05, Cardon Denis <denis.cardon at tranquilitsystems.com> wrote:
> > Hi Chris,
> > 
> > > I've recently migrated some workstations from full windows
> > > instalations to thincients (LTSP). Before, users could access their
> > > remote kde using the windows nxclient. Now these users are sitting at
> > > thinclients using a kde session on the local server. Now they cannot
> > > access their remote kde session via nx.
> > 
> > it is a problem linked to the X authentication mechanism. I have not yet
> > had the time to find the proper solution, but an xhost + before
> > launching the nx client should do it.
> > 
> > Cheers,
> > 
> > Denis
> > 
> > > _______________________________________________
> > > FreeNX-kNX mailing list
> > > FreeNX-kNX at kde.org
> > > https://mail.kde.org/mailman/listinfo/freenx-knx
> > --
> > Denis Cardon
> > Tranquil IT Systems
> > 10 rue du Docteur Bouchard
> > 49400 Saumur
> > tel : +33 (0) 2.41.67.56.99
> > fax : +33 (0) 2 41 51 71 97
> > mob : +33 (0) 6 81 66 27 62
> > http://www.tranquil-it-systems.fr
> > 
> > 
> > _______________________________________________
> > FreeNX-kNX mailing list
> > FreeNX-kNX at kde.org
> > https://mail.kde.org/mailman/listinfo/freenx-knx
> >
> _______________________________________________
> FreeNX-kNX mailing list
> FreeNX-kNX at kde.org
> https://mail.kde.org/mailman/listinfo/freenx-knx
-- 
Denis Cardon
Tranquil IT Systems
10 rue du Docteur Bouchard
49400 Saumur
tel : +33 (0) 2.41.67.56.99
fax : +33 (0) 2 41 51 71 97
mob : +33 (0) 6 81 66 27 62
http://www.tranquil-it-systems.fr

More information about the FreeNX-kNX mailing list