Roasting old chestnuts

Robert de Bath list-vnc-list@mayday.cix.co.uk
Tue Jul 22 23:22:01 2003


Oops, I forgot to send this, I'll post it anyway ...

On Sun, 6 Jul 2003, William Hooper wrote:

> > The only probable 'security issue' is the very fact that you're uploading
> > files; that's why I'm suggesting a specific directory for files to arrive
> > in and the authentication requirement.
>
> Most security issues discovered recently have been related to buffer
> overflows when accepting input.
>
> > As for the 'complexity issue', I don't see it, the http server already
> > has to accept a potentially infinite input and send a response. The only
> > difference is that instead of throwing away a large input you store it
> > in a file, if authenticated.
>
> The http server accepts no input.  It serves exactly one thing, the java
> VNC viewer.

Oh my, I'm sure you know better ... It serves at least three different
files, the HTML homepage, the JAVA file and a 404 error page. As I
recall the Unix version will serve any file in a particular directory.
The http server's input is the GET command followed by lots of lines or
any junk an attacker may decide to throw at it.

> > Secondly, using other tools. Yes that's what I tend to do now.  But it
> > increases complexity, not only for the installation but also for day
> > to day use.
>
> You are suggesting using another application to do the uploads anyway.
> Why not use a server and client designed for file transfers?
>
> This is the basis of the design of Unix.  Small tools that do their one
> thing well.

Please, don't get religious on me, I know this, I also know that this is
frequently ignored. Do you happen to use emacs, for example?
(Nb: I don't)

>              VNC does remote displays well.  Many other programs do file
> transfers well.

Even so here the 'thing' (job) that needs doing is remote control of
a computer; this frequently involves copying data that was prepared
earlier from here to there (or vice versa). This is why ssh has file
transfer facilities after all.

I understand that any hack to the RFB protocol is very likely to be as
evil as doing a kermit transfer through a telnet connection. Using the
http server is IMO much neater.

Oh and it's a separate executable at the client end so you can throw
it away if you're _positive_ you won't need it. (Or you can use a
'real' web browser to download it or its Java equivalent)

> > Plus it's not the point; file transfer is one of the most requested
> > features for VNC. I'm just trying to suggest a way it could be done
> > without bast^H^H^H^Hmangling the RFB protocol.
>
> Just because it is requested doesn't mean it is a good idea.  Not having
> to use a username and password is the most requested thing on my work
> network.  It isn't going to happen.

Sigh, that's seriously off topic, but if the users are saying that it
normally means that your 'single sign on' integration isn't working.
So you do have something that needs fixing in the _right_ way, your
average user sees the problem but not the real solution.
Again the designers of ssh have seen the problem and have a good
solution (ssh-agent).

-- 
Rob.                          (Robert de Bath <robert$ @ debath.co.uk>)
                                       <http://www.cix.co.uk/~mayday>
Google Homepage:   http://www.google.com/search?btnI&q=Robert+de+Bath