VNC 3.3.1: passwords and security

Ivan Popov pin "at" math.chalmers.se
Fri, 06 Mar 1998 09:47:05 +0000


On 6 Mar 1998, Lionel Cons wrote:

> One (ORL?) has to decide from the start if VNC supposed to be secure
> or not. If yes, we should do a complete audit to find all the
> weaknesses and fix them. If not, we should make sure that using VNC
> with SSH, tcp_wrappers... is easy and secure.

It would be beneficial to separate different tasks.
vnc is very good at forwarding a session, but authentication and
encryption could be done by some "pluggable" modules. In that case the
modules can be easily adapted to any local security mechanism and/or
policy.

One simple interface that comes to mind is server using local fifo (and
e.g. its access modes?) to restrict client access (and external program
like ssh or even telnet ;-) making authentication and establishing the
channel)

Root always has an ability to steal a session (it is in memory, isn't
it, or anyway the X clients' sockets are under roots control)...

My 2c

--
Ivan Popov <pin "at" math.chalmers.se>
Systemman, Driftavdelningen, Matematiska institutionen, Chalmers TH