phditto

I can use phditto to get the display of a remote box in my network:
phditto -t192.168.0.100 -n/dev/photon

There’s no authentication needed to hijack the display. Is this a security
issue? How can I correct it?

Thanks for your answers.

Sebastien Cantos <scantos@technodiva.com> wrote:

> I can use phditto to get the display of a remote box in my network:
> phditto -t192.168.0.100 -n/dev/photon
>
> There’s no authentication needed to hijack the display. Is this a security
> issue? How can I correct it?

I think there was not much concern for security in the construction of phditto.

But I believe you can change the permissions of your own /dev/photon session and the
phrelay entry in /etc/inetd.conf so that the hijacking doesn’t take place.

> Thanks for your answers.

Horst.Hannappel@mbs-software.de wrote:

> Sebastien Cantos <scantos@technodiva.com> wrote:
> > I can use phditto to get the display of a remote box in my network:
> > phditto -t192.168.0.100 -n/dev/photon
> >
> > There’s no authentication needed to hijack the display. Is this a security
> > issue? How can I correct it?
>
> I think there was not much concern for security in the construction of phditto.
>
> But I believe you can change the permissions of your own /dev/photon session and the

Maybe I was not clear enough:

chmod o-rw /dev/photon

> phrelay entry in /etc/inetd.conf so that the hijacking doesn’t take place.

> > Thanks for your answers.
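
Added example, not part of the thread and not QNX's own tooling: a small POSIX shell audit of the two settings the replies point at, the "other" permission bits on /dev/photon and the phrelay entry in /etc/inetd.conf. The function names are hypothetical, and treating any uncommented phrelay line as something to review is an assumption, since the thread does not say what change to make to that entry.

```shell
#!/bin/sh
# Audit helpers for the two settings named in the thread.
# Paths are passed as arguments so the checks can be run against copies.

# Succeeds (status 0) when "other" has neither read nor write on the path.
# A missing path yields an empty string and is therefore reported as open.
other_rw_closed() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c8-9)  # other r/w columns of the mode
    [ "$bits" = "--" ]
}

# Prints the active (uncommented) phrelay service lines of an inetd.conf file.
active_phrelay_entries() {
    awk '$1 == "phrelay"' "$1"
}

# audit <device> <inetd.conf>: prints findings, returns how many there were.
audit() {
    findings=0
    if ! other_rw_closed "$1"; then
        echo "FINDING: $1 is readable or writable by other (chmod o-rw $1)"
        findings=$((findings + 1))
    fi
    if [ -n "$(active_phrelay_entries "$2")" ]; then
        echo "FINDING: active phrelay entry in $2, review it"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

On the box itself this would be called as `audit /dev/photon /etc/inetd.conf`; a return status of 0 means neither check raised a finding.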