Re: X server in a Firewall

["Marcus J. Ranum" <mjr () ranum com>]

John M wrote:
> My question was: what is better (or worse), taking in
> account the GUI requeriment

Well, OK, we're talking about which is the lesser of a set
of evils? You want a kind of "evil sort" algorithm? ;)


> - a local X window server running in the firewall, to be managed localy
> - or a web server, ssh based system
> - or another port based in aproprietary protocol, to be managed remotely? 

Assuming you can assert adequate controls on the X server-based
solution, it's probably the least evil. For example, if you built a version
of X server that only works over a Unix domain socket and doesn't
even support network connections, it'd be about as good as you can
make anything that has X windows built in. 

Web server-based systems are scary to me because the web
server writers are trapped in "penetrate and patch" mode and have
been there for a long time. Web servers are fairly evil in my world-view.
Again, you can do a fair bit to mitigate the risk by locking the web
server down, running it unprivileged, cutting its head off, sewing its
mouth shut with garlic in it, and hammering a stake through its
heart. Chrooting it helps, too. ;)

With all of these things you can and should be able to make an
argument that the risks have been mitigated. What terrifies
me is that those arguments are seldom made. Everyone is
stuck in this cluelessness from the 80's ("Sure, we use Apache,
but we fixed all the bugs")   Fundamentally that's bad design.
If you know a component of your architecture has had structural
flaws, it's basic engineering to avoid using that component as
load-bearing unless you build in work-arounds.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards