[SunHELP] Solaris Installation without Xwindows Support..
DAUBIGNE Sebastien - BOR ( SDaubigne@bordeaux-bersol.sema.slb.com )
SDaubigne at bordeaux-bersol.sema.slb.com
Wed Oct 9 03:59:37 CDT 2002
As far as I know, telnet is as secure as rexec.
Both send user name and unencrypted password as authentification.
int rexec(char **ahost, unsigned short inport, const char *user, const char
*passwd, const char *cmd, int *fd2p);
rsh is less secure if you use the hosts.equiv/.rhosts facility
(authentification based on IP address and reserved ports numbers).
Another alternative if to use XDMCP, which uses a similar authentification
method as telnet/rexec.
---
Sebastien DAUBIGNE
sdaubigne at bordeaux-bersol.sema.slb.com <mailto:sebastien.daubigne at sema.fr>
- (+33)5.57.26.56.36
SchlumbergerSema - SGS/DWH/Pessac
-----Message d'origine-----
De: Sheldon T. Hall [SMTP:shel at cmhcsys.com]
Date: mardi 8 octobre 2002 23:24
@: sunhelp at sunhelp.org
Objet: Re: [SunHELP] Solaris Installation without Xwindows
Support..
Original Message From: "Chris David" <kchris_iii at hotmail.com>
> Thanks all for 'netra' help. Due to some security risks, i was
told to
> install Solaris without X windows support? Have any one installed
Solaris
8
> without X windows? If i install successfully, can i use some tools
like
> Exceed to call gui (if required)?
I wouldn't think so. If there's no "X windows" installed on the
machine,
i.e. no /usr/openwin/bin or /usr/dt/bin or equivalent trees, Exceed
wouldn't
have anything to talk to. There wouldn't be a window manager, an
xterm
program, or any of that stuff.
I'm not sure that X, in and of itself, is that big of a security
risk. The
rsh and rexec methods of starting an X client certainly are, but X
itself?
Probably not.
Without rsh or rexec running (you can turn them off in
/etc/inetd.conf, I
think), but _with_ the X stuff installed, anyone wanting the X gui
could
still get it, but they would have to telnet in to the box to start
it. That
would leave a much better audit trail than rsh or rexec do.
I'm no security expert, though.
-Shel
_______________________________________________
SunHELP maillist - SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
More information about the SunHELP
mailing list