The whole discussion of the FTP server leads back to another thought I'd
had for a while, which came up during the discussion of including
encryption directly in the protocol that I started a few months ago (and
which I'll be bringing back up towards the end of the school term, when I
have programming time to throw at it).
The problem is, there are two ways to see VNC:
1) Stateless display access
2) Custom user session
From the #1 perspective, it should reflect very little on the machine,
besides being able to "grab" control from far away. This is basically how
the Windows version (and now xrc and pals) works. But, from the #2
perspective, you've got a custom session running, which is started by the
user, runs everything as the user, can only do things the user is allowed
to do, etc. This is how the unix side of VNC has been implemented.
What's so different? Well, from the #2 perspective, it doesn't make any
sense to depend on any of the other services on the machine - in fact,
you're trying not to, by way of virtualizing access to that machine. SSH?
The sysadmin runs that, but the user might not be allowed to. All you need
is some memory and a port or two in the high range. In that world, it
doesn't make sense to depend on anything you don't bring with you - and
thus my reluctance to say "SSH is good enough" to secure VNC (well, and the
top-down security approach, too). The same applies for file transfer - in a
#2-style system, you have to make that FTP daemon workable for all the
users. In fact, this is often where security problems in FTP daemons have
come from - exploits which allowed taking advantage of the fact that the
daemon was running as super-user prior to servicing users.
True, from a #1 perspective, adding anything to the VNC approach takes away
from the point. The #1 approach assumes that you're remotely controlling
the _machine_, where, be you admin or not, you can still pretty much
dictate what's going on, and how things are going. You don't tend to think
of accessing WinVNC from the perspective of "I'm only user XXX", but "I
control the machine, I can switch to whatever identity I need to remotely,
'cause I'm controlling the machine".
That's not the only issue underlying this discussion, but it's a big one.
And, maybe it's time for those of us willing to develop VNC beyond the work
of AT&T to talk about which model to stick with. Clearly, with #2, file
transfer, security, etc., if desired, should be included in the server.
Plugins might be a nice way to go. With #1, though, all of that extra
functionality is fluff, and doesn't belong in anything but a co-packaging
arrangement.
----------
Bryan Pendleton
ICQ: 2680952
Phone: (877)780-3087
"The root of all knowledge lies within, but knowledge is useless unless it
is collected and shared."
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
