Open Port Indicator?

Soren Hansen sh at linux2go.dk
Thu Mar 15 13:14:29 UTC 2007


On Thu, Mar 15, 2007 at 09:37:03PM +0900, Arwyn Hainsworth wrote:
> On 15/03/07, Soren Hansen <sh at linux2go.dk> wrote:
> >On Thu, Mar 15, 2007 at 10:23:32AM +0900, Arwyn Hainsworth wrote:
> >> >I've always thought that the option of just giving any user access
> >> >without authentication is broken and should be removed. Something
> >> >like what happened to this user was bound to happen sooner or later
> >> >and I can't think up a use case that justifies its presence. Can any
> >> >of you?
> >> I had a friend once who kept his home PC on so that he could log in
> >> via remote desktop from work. IMHO that's a perfectly normal use case,
> >> so it should be possible to log in without local user intervention and
> >> removing that ability would be a mistake.
> >An he can't remember a simple password?
> I think you are misunderstanding my point or I was misunderstanding
> yours.

I asked for a use case where it made sense to allow access without any
form of authentication. Your response was a use case where someone
needed access from the outside to an unmonitored machine. I failed to
understand why said user was dependent on not having to give a password
for that.

> Some form of authentication should be required. It can be either
> password authentication, public/private key authentication, direct
> user intervention or a mixture of 2 or 3 of the above. Providing at
> least one method of authentication is active I see no problem, however
> I do agree that allowing remote connection without any form of
> authentication is a security flaw and should not be possible.

Indeed.

> After checking Preferences->Remote_Desktop it does indeed seem to be
> possible to disable all forms of authentication. Not good.

If noone comes up with a proper use case I'll just hack together a patch
that makes it impossible.

-- 
| Soren Hansen    | Linux2Go                  | http://Linux2Go.dk/ |
| Seniorkonsulent | Lindholmsvej 42, 2. TH    | +45 46 90 26 42     |
| sh at linux2go.dk  | 9400 Norresundby, Denmark | GPG key: E8BDA4E3   |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070315/8560bcfb/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list