Subject: Re: How to set up secure XDM ?
To: Kazuyuki Inanaga <happyday@pp.iij4u.or.jp>
From: None <mngrif@gmail.com>
List: port-mac68k
Date: 11/26/2006 15:40:36
On 11/26/06, Kazuyuki Inanaga <happyday@pp.iij4u.or.jp> wrote:
> Hello.
>
> My IIci has 250MB HDD, it's not big enough to install and run
> X window system. So, I'm preparing;
>
> 1) mount /usr and swap with nfs
> 2) use xdm
>
> With some tests (learning NetBSD is fun), it seems work fine.
> I worry about "Security".
> Can an attacker snoop those data traffic ?  Maybe "YES", I guess.
>
> My idea is:
> There is no important data in 1), I don't need to worry about that.
> Set and run SSH for xdm (ssh X11 port forwarding).
>
> Does this make a sense ? Any hint or advice is appreciated.
> (I read some man-pages with my poor English, I got headaches.)
>
> Thanks,
> Kazu Inanaga
>
>

I have a similar setup running, although with no X. NFS is an
unecrypted protocol. /usr, however, shouldn't have anything on it that
isn't already available for public download anyway. As far as
potential injection and man-in-the-middle attacks go, well, if you
have a halfway decent firewall you should be just fine (as long as
your picky about who you let into your network).

Since you're running /usr over NFS, why not just run X locally?

- mngrif