[X2Go-User] RHEL 7 beta

Stefan Baur newsgroups.mail2 at stefanbaur.de
Wed Mar 19 08:47:41 CET 2014


On 19.03.2014 08:21, GZ Nianguan E.T. wrote:
> As for client side requiring support for the media format...
> The alternative is to turn everything into a "known" format on the server
> side...(transcoding?) which just takes too much server resources...
> and introduces a bunch of other issues...  In a Linux thin client
> environment distributing new codecs or updates to existing codecs is not
> a big deal.. As for clients running as an application on traditional
> desktops, we may integrate some form of codec distribution system.

There is a security tradeoff here, though:
For the average Joe, who just wants to play videos and doesn't care
about security, your solution will work just fine, but if you're using
X2Go as a "graphic firewall", where only images and sounds are passed to
the client, you cannot use Telekinesis, since you're running an
unchanged audio/video stream - and there have been exploits that work by
passing a specially crafted image file/audio/video stream. So all of a
sudden you're executing malicious code on your client. Transcoding into
a known format would lower the chance of that happening (because the
attacker would have to craft his file/stream in a way that it does its
nasty deed *after* being transcoded), but it would not eliminate it
entirely.

-Stefan


