Mailinglist Archive: opensuse-edu (60 mails)
Re: [opensuse-edu] security issues regarding italc client startup
- From: Lars Vogdt <lrupp@xxxxxxx>
- Date: Thu, 17 Jul 2008 10:11:21 +0200
- Message-id: <20080717101121.ed452ewqo0k4wsc4@xxxxxxxxxxxx>
Hi Ben
On Do 17 Jul 2008 04:41:54 CEST Ben Cooksley <sourtooth@xxxxxxxxx> wrote:
> I recently noticed that the italc client is being started as the user
> that logged in, and this allowed them to kill the italc client and
> escape my control. I traced the problem and found that you have
> switched to using /etc/sysconfig/ica instead of patching the
> /etc/X11/xdm/Xsetup script. I also noticed that it no longer runs at
> the logon screen. Both features (running at the logon screen,
> inability to kill italc for users) are very important to me,
> especially the users' inability to kill the italc client. Is there any
> hope that this situation will change in the future, or are there
> workarounds to stop users from killing the italc client?

Even with patching /etc/X11/xdm/Xsetup, users can kill the client - so the switch to a "non destructive" setup doesn't hurt in this case. So users are able to kill the client - but this is IMO something which can be handled "outside" the computer via face to face communication...
But: I think we can switch to use the xauth-cookies and start the client as root - using the authority files for the user's desktop. The problem: that's something completely new for me and I have to investigate some time to get this up and running even for multiple users on a terminal server. (Any help welcome ;-)
So the "security" problem is nothing new in the end - and a solution can be provided in the near future. Until then, a teacher already noticed that a user has killed the ica client - so think of it like an attempt to deceive...
With kind regards,
Lars