[pkg-fso-maint] Bug#584411: mention network security
jidanni at jidanni.org
jidanni at jidanni.org
Thu Jun 3 08:54:18 UTC 2010
Package: nodm
Version: 0.7-1
Severity: wishlist
In README and on the man page, you mention
On a normal computer, using nodm is a big security issue because it would give anyone access to the computer.
However, there are cases where automatic login is needed: for example in an embedded system such as a mobile
phone, or in a kiosk setup, or in a control panel for industrial machinery. For those cases, nodm is simple to
setup, lightweight, and it should do exactly the right thing.
OK, we now know the keyboard is now open to all comers.
But you neglect to mention one bit about the network. E.g,. in man xdm,
we see
allow-all-access
Disables access control in the server. This can be used
when the .Xauthority file cannot be created by xdm. Be
very careful using this; it might be better to disconnect
the machine from the network before doing this.
So please also mention on the nodm README and man page, if one needs to
take special steps after installing nodm to re-secure ones network, or
if in fact, it is just as safe to connect ones computer to the network
with nodm running as it was before. Thanks.
More information about the pkg-fso-maint
mailing list