I can use phditto to get the display of a remote box in my network:
phditto -t192.168.0.100 -n/dev/photon
There’s no authentification needed to hijack the display. Is this a security
issue ?? How can i correct it ?
Thanks for your answers.
I can use phditto to get the display of a remote box in my network:
phditto -t192.168.0.100 -n/dev/photon
There’s no authentification needed to hijack the display. Is this a security
issue ?? How can i correct it ?
Thanks for your answers.
Sebastien Cantos <scantos@technodiva.com> wrote:
I can use phditto to get the display of a remote box in my network:
phditto -t192.168.0.100 -n/dev/photonThere’s no authentification needed to hijack the display. Is this a security
issue ?? How can i correct it ?
I think there was not much concern to security in the construction of phditto.
But i believe you can change the permissions of your own /dev/photon session and the
phrelay entry in /etc/inetd.conf so that the hijacking doesn’t take place.
Thanks for your answers.
Horst.Hannappel@mbs-software.de wrote:
Sebastien Cantos <> scantos@technodiva.com> > wrote:
I can use phditto to get the display of a remote box in my network:
phditto -t192.168.0.100 -n/dev/photonThere’s no authentification needed to hijack the display. Is this a security
issue ?? How can i correct it ?I think there was not much concern to security in the construction of phditto.
But i believe you can change the permissions of your own /dev/photon session and the
May be i was not clear enough:
chmod o-rw /dev/photon
phrelay entry in /etc/inetd.conf so that the hijacking doesn’t take place.
Thanks for your answers.