[debian-edu-commits] debian-edu/pkg-team/ 150/159: more notes on crypto (well, less but more sayingful ones)

Dominik George natureshadow-guest at moszumanska.debian.org
Tue Feb 23 10:04:35 UTC 2016


This is an automated email from the git hooks/post-receive script.

natureshadow-guest pushed a commit to branch master
in repository xrdp.

commit 9ed3300f4862dda343948372527e97559e8f982f
Author: mirabilos <tg at mirbsd.org>
Date:   Wed Sep 2 19:04:39 2015 +0200

    more notes on crypto (well, less but more sayingful ones)
---
 README.Debian | 5 ++++-
 xrdp.postinst | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.Debian b/README.Debian
index 472399a..c64c18d 100644
--- a/README.Debian
+++ b/README.Debian
@@ -1,7 +1,10 @@
 Upgrade from xrdp 0.6 (Debian jessie) should be tested (including
 things like conffiles, logfiles, piuparts, etc).
 
-A security issue is the disablement of access control by default.
+Consider using TLS encryption instead of the default RDP encryption,
+but do make sure to test all possible clients, and mind client bugs.
+
+Another security issue is the disablement of access control by default.
 Use at your own risk and inform your users that privacy is possibly not
 guaranteed as all users can attach to RDP users’ sessions locally.
 See also: https://github.com/neutrinolabs/xrdp/issues/264
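Review bot: The new advice at the top of README.Debian ("Consider using TLS encryption instead of the default RDP encryption") gives no reason for the recommendation and does not say where the setting lives. The xrdp.postinst comment in this same commit states that the RDP4 crypto is MITMable; repeating that reason here and naming the configuration file and option to change would let an administrator act on it. The following paragraph now opens with "Another security issue", but the TLS paragraph is worded as a suggestion rather than as an issue, so stating it as one (the default RDP encryption is the weakness) would make the two paragraphs read consistently.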
diff --git a/xrdp.postinst b/xrdp.postinst
index a491354..27fb18c 100644
--- a/xrdp.postinst
+++ b/xrdp.postinst
@@ -42,6 +42,8 @@ configure)
 		rm -f /etc/pam.d/sesman
 	fi
 
+	# generate a (512-bit, but that doesn't matter here
+	# because the RDP4 crypto is MITMable anyway)
 	test -e /etc/xrdp/rsakeys.ini || (
 		umask 077
 		xrdp-keygen xrdp auto
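Review bot: The added comment above the `test -e /etc/xrdp/rsakeys.ini` line is missing its noun ("generate a (512-bit, ..." never says what is generated); something like "generate an RSA key (512-bit, but that doesn't matter here because the RDP4 crypto is MITMable anyway)" would read as a full sentence. Because the comment documents an accepted weakness, it should also point to the TLS recommendation added to README.Debian in this commit, so that a reader of the maintainer script sees the mitigation and not only the statement that the key size does not matter.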

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/xrdp.git


