[FreeNX-kNX] nxclient and "challengeresponseauthentication no"

ted creedon tcreedon at easystreet.com
Mon Feb 6 19:05:53 UTC 2006


The only possible thing would be triggering a stack overflow in the NX
server.

User nx's login shell is the server. I suppose it could be chrooted if
required.

tedc

-----Original Message-----
From: Rick Stout [mailto:zipsonic at gmail.com] 
Sent: Monday, February 06, 2006 8:00 AM
To: User Support for FreeNX Server and kNX Client
Subject: Re: [FreeNX-kNX] nxclient and "challengeresponseauthentication no"

Give us a real-world scenario where you can take over a box if you have
the client.id_dsa.key. Please do this, and we'll look into it.
Step-by-step, how you would do it is necessary.

I believe that your understandings of the operating system are lacking
somewhere, or you are missing something about the security in NX. To
switch to user NX, you have to have wheel/sudo access. If you ssh
into the box as user nx, you only get the nxserver as your shell (which
really isn't a shell), so you can't su to any other user. Where is the
security hole?

Regards,

Rick Stout

> 
> Just run nxclient?  Type in your boss's userid and password and xterm
> with the shell of your choice in unix custom?  I fail to see much
> distinction between typing "su..." at a prompt and having nxserver run
> it for me, if I control the input.
> 

Btw, if you have your boss's userid and password, the security hole is
there, not with nx.