Re: [MLUG]

[Mike Miller <EMAIL:PROTECTED>]

On Wed, 5 Apr 2000, Buford, Rick wrote:

> Are there any security risks associated with using vncserver? I
> remember that older versions of vnc had a security flaw that would
> essentially let anyone log into the session...

What?!  I hope not because I've been using it for a year or so and I've
read the list most of that time and I haven't heard of this problem.  
Tell me more.


> Other than locking the display before closing the session, is there
> anything else I need to do to secure this? Is there a way to force the
> server in /etc/rc.d/init.d/ to run as non-root? Since I havent been
> using any GUI on any of my linux boxes, being able to run an X/Gnome
> session is kind of a hoot =)

I compiled in tcp_wrappers support for Xvnc, so I restrict access that
way.  Unfortunately, the Xvnc attempts are not logged by tcp_wrappers.  
Now I am using iplog (thanks to someone on this list who told me about
it).  iplog will log all attempts to connect to all ports (Xvnc is in the
5900-5999 range), thus that I can see what's happening with Xvnc.  I also
have the hosts.deny file of tcp_wrappers configured to send me an e-mail
message whenever a connection to Xvnc is rejected by tcp_wrappers.  So I
feel pretty secure altogether.

Mike

-- 
Michael B. Miller
University of Missouri--Columbia
http://taxa.psyc.missouri.edu/~mbmiller/

--
To unsubscribe, send a new message with no subject and the words
"unsubscribe members" in the body to EMAIL:PROTECTED

Archives are available at http://mlug.missouri.edu/list-archives/