[Prev][Next][Index][Thread]
XDMCP security?
I just discovered that taking away the shell from a user (leaving him only
with pop) won't stop him from getting a shell if he opens an X session
through XDMCP (i.e. any win95 station and a few freewares :-(
I was stupid enough to overlook this untill now because I didn't dig into
X security (dumb, I know).
first stage was to limit xdm's responses to my LAN only, but it isn't good
enough for me...
deleting the users' .xsession is a patial solution, but they can undo
that, and creating a .xsession owned by root (non-rewritable by the user)
seems like an awkward solution. ideas anyone?
-------------------------------------------------------------
Ira Abramov <ira@scso.com> Scalable Solutions
SITE Web Presence ("webspace for rent") http://www.site.co.il
Beeper 48484 at 03-610-6666, 02-6294-666 FAX (972)2-643-0471
POBox 3600, Jerusalem 91035, Israel Tel (972)2-642-6822
http://www.scso.com/~ira Check out: http://www.linux.org.il
Follow-Ups: