change to vncpasswd requested
Boyce, David
David.Boyce "at" Fmr.com
Mon, 28 Sep 1998 19:18:18 +0000
Sigh. My biggest irritation with mailing lists like this is the high
condescension-to-information ratio. So let me try to slog through the
condescension and keep the focus where it belongs.
First, I'm in a SW development environment, behind a firewall, where all
the developers know the (common) root password. And they have physical
access to all the machines. As with most development organizations,
developers have chosen to optimize their environment for efficiency and
convenience over security, not least because they know their cohorts
could hack through any defenses they put up anyway - not that there's
much to steal anyway. And there are very many such environments in my
experience; I suspect ORL themselves are similar.
Second, note that I did not ask whether it's ok for me to keep password
files on NFS; I'll make that decision myself, thank you. Neither did I
ask for the vncpasswd program to be modified to make files readable by
default. I asked if there was a problem with changing it to respect the
user's explicit preference, iff he or she changes the file's permissions
explicitly.
I realize there are lots of threads going around involving VNC security,
a number of improved models being proposed and maybe even implemented.
And I respect that there are many applications which require advanced
security models. But I don't want my request for a three-line patch to
the current model get lost in a muddle of patronizing lectures and/or
ruminations on other security models - instead I'd like either a
response from the developers as to whether they'll make this change, or
from anyone giving a valid explanation of how it could hurt someone who
doesn't explicitly override the permissions.
My feeling is that most "corporate" software, eg Microsoft products, try
to stop you from shooting yourself in the foot but often end up
preventing you from shooting your supper as well. Whereas freeware
usually contents itself with documenting how to shoot. I'd hate to see
VNC get away from the latter model.
-David Boyce
> -----Original Message-----
> From: Ivan Popov [SMTP:pin "at" math.chalmers.se]
> Sent: Monday, September 28, 1998 5:31 AM
> To: Boyce, David
> Cc: 'vnc-list "at" orl.co.uk'
> Subject: Re: change to vncpasswd requested
>
> On Fri, 25 Sep 1998, Boyce, David wrote:
>
> > ie letting xdm manage it. And I want to let users keep their
> password files
> > on an NFS-mounted filesystem so they don't need to maintain a
> different one
>
> > if it's owned by the user. I have no problem with having to do a
> "chmod a+r"
> > on the password file the first time it's created; the problem is
> that
>
> > Please let me know if this seems doable or if there's a major
> problem with
> > it.
>
> There are, well, two major problems with it:
>
> - having password files on NFS makes them easily accessible for
> virtually
> anyone
>
> - making password file readable for all makes it even easily
> accessible
>
> [Remember, the fact that it is encrypted does _not_ protect it,
> in contrast with the traditional UNIX passwords.]
>
> The consequence is - you have no (once again, _no_) security...
>
> If it is what you need, you are on your own. But to roll the changes
> into
> the distribution would be, least said, an error, IMHO.
>
> Yours,
> --
> Ivan Popov <pin "at" math.chalmers.se>
> Systemman, Driftavdelningen, Matematiska institutionen, Chalmers TH
>
> P.S. To all having user directories on NFS I'd suggest to modify
> vncserver script to place the passwd files somewhere on local file
> system(s). I'd never place them on a distributed file system, besides
> DFS with packet privacy ON (i.e. encrypted).
>
> (is this problem mentioned somewhere in the FAQ?)
---------------------------------------------------------------------
The VNC mailing list - see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------