Yes, there is indeed a chance of exploiting holes in codecs etc... but how's that any bigger issue than it is for EVERY user in the world that views video on their desktop anyway? This is certainly not a bigger concern on a netbooted stateless thin client than it would be on your average desktop setup, now is it?
Sure... a transcoder can be thrown into "the mix" but that kind of goes against the basic core idea of being gentle with the server side resources. But who is to say the transcoder would not be the actual target for attack..?
Security issues with codecs tend to get fixed just as security holes in SSH related stuff tend to be taken care of... Quite frankly I would be just as concerned about security holes in the nxproxying and pulse audio... (and I seem to remember some very real and very serious cupsd issues some time ago...)
Just simply always get the latest security updates for the stuff you're running....
In use cases with need for extreme security, you would probably not want to be trusting your "graphical firewall" client software either, to be running on your sensitive hardware.
If you're in possession of something that someone with resources really wants... and you're targeted... you're targeted... and your "graphical firewall" could turn into their entry point... be it X2Go, RDP, Citrix or VNC or whatever else...
Anyway, do not worry! You will not be forced to run Telekinesis or mTelePlayer... it will be a separate package you would need to explicitly install.
-GZNGET
On 03/19/2014 08:47 AM, Stefan Baur wrote:
On 19.03.2014 08:21, GZ Nianguan E.T. wrote:
As for client side requiring support for the media format... The alternative is to turn everything into a "known" format on the server side...(transcoding?) which just takes too much server resources... and introduces a bunch of other issues... In a Linux thin client environment distributing new codecs or updates to existing codecs is not a big deal.. As for clients running as an application on traditional desktops, we may integrate some form of codec distribution system.
There is a security tradeoff here, though: For the average Joe, who just wants to play videos and doesn't care about security, your solution will work just fine, but if you're using X2Go as a "graphic firewall", where only images and sounds are passed to the client, you cannot use Telekinesis, since you're running an unchanged audio/video stream - and there have been exploits that work by passing a specially crafted image file/audio/video stream. So all of a sudden you're executing malicious code on your client. Transcoding into a known format would lower the chance of that happening (because the attacker would have to craft his file/stream in a way that it does its nasty deed *after* being transcoded), but it would not eliminate it entirely.
-Stefan