vncconnect DOES NOT ask for password!! SECURITY CHASM ???
Tue Jun 17 07:52:00 2003
I've never really been happy with the fact that there is no command line
option to Xvnc to disable vncconnect X extensions.
But VNC connect can only be used if the X server has been opened to the
specific hosts (including the localhost) using xhost.
Run xhost and you should see something similar to:
Access control enabled, only authorized clients can connect.
Provided the X server is left secure then, only you will be able to
connect to it (using cookies stored in ~.Xauthority).
If the system is used by several people then it may be worth running a
cron job that periodically either closes X-servers that have been opened
or notifies the sys-admin via email, so the users can be warned to be
It may be possible to increase the security of the VNC server by
starting Xvnc with -nolisten tcp, then at least the X server is secure
from all remote users.
From: email@example.com [mailto:firstname.lastname@example.org] On
Behalf Of Theo Lengyel
Sent: 13 June 2003 19:43
Subject: vncconnect DOES NOT ask for password!! SECURITY CHASM ???
I have noticed some troubling behavior as I have familiarized
myself with vnc. I am hoping that is is only due to a poor default
configuration and that someone can point me to the right place to
reconfigure what I'm about to describe.
No doubt I am a newbie to VNC so I apologize if there is a known and
trivial fix, but I couldn't find it in any of the docs.
I have noticed that by using the following combination, I can open
a session with ANY RUNNING VNCSERVER on that machine!!
I am running on Linux Mandrake 9.1, tightvnc 1.2.7-2,
# first run the viewer in reverse mode:
# (-listen 99 makes it listen on port 5599)
$ vncviewer -listen 99 &
# let's see the running servers ...
$ ps auxw | grep Xvnc
root [snip] Xvnc :0 -desktop X -ht ... etc.
wanda [snip] Xvnc :1 -desktop X -http ... etc.
jack [snip] Xvnc :2 -desktop X -httpd ... etc.
mark [snip] Xvnc :3 -desktop X -httpd /u ... etc.
# take your pick of X display numbers and you can open a
# connection with vncconnect ...
# lets pick the display number root is using :0
$ vncconnect -display :0 localhost:5599
# WHAMO! root's X display at my disposal!!
# any user can connect to any other user's running vncserver this
# way. Granted it probably isn't too wise to leave a root
# vncserver running, but that is beside the point really.
So, is this a bug or a feature? Does anyone know how to disable
PS I usually try to run things fairly securely. I discovered this
after I had already set up users with ssh tunnels for the vnc
connection, and I was just curious about the `-listen' option, I
wasn't even checking for security holes. Then, like I said, WHAMO!
VNC-List mailing list
To remove yourself from the list visit: