[Pkg-ltsp-devel] Bug#469462: X access wide open on LTSP clients
Christian Herzog
herzog at phys.ethz.ch
Wed Mar 5 11:16:51 UTC 2008
Package: ltsp
Version: 5.0.40~bzr20080214-1~40.etch.0
Severity: critical
X connections to :6 on LTSP clients are possible from any machine on the
network.
Some notes:
- LDM_DIRECTX = False or True does not change anything
- on the client, X is running with the '-auth /root/.Xauthority' flag.
However, /root is mounted ro by default. Adding it to copy_dirs in
/etc/default/ltsp-client-setup allows .Xauthority to be generated, but
X connections are still possible.
- using iptables rules, we could at least restrict access to the
terminal server
best,
-Christian
--
Dr. Christian Herzog e-mail: herzog at phys.ethz.ch
IT Systems Specialist voice: +41 44 633 3950
Department of Physics office: HPR E86.1
Swiss Federal Institute of Technology 8093 Zurich, Switzerland
More information about the Pkg-ltsp-devel
mailing list