TurboVNC / turbovnc

Main TurboVNC repository
https://TurboVNC.org
GNU General Public License v2.0

Allow .vnc user directory to be a symlink #317

Closed jmccarv closed 2 years ago

jmccarv commented 2 years ago

Use stat() instead of lstat() when checking the user's .vnc directory to follow symlinks instead of checking the symlink itself.

dcommander commented 2 years ago

There are security reasons why that isn't a good idea. If you can explain more about your use case, then I can help you figure out how to accomplish your goal using methods that TurboVNC already supports. (If you're just trying to use another directory as a VNC user directory, then the supported way to do that is to specify the directory location using the $vncUserDir variable in ~/.vnc/turbovncserver.conf.)

jmccarv commented 2 years ago

Thank you for your quick response! I hadn't considered the possibility of a symlink for that being a security issue. I'd be interested in learning about what those issues are.

Thank you for pointing me to that configuration option; I believe that will work for me. I think setting the following will do what I want:

$vncUserDir = readlink "$ENV{HOME}/.vnc" // "$ENV{HOME}/.vnc";

My use case is that I keep my .vnc directory and some other things in a git repo and symlink $HOME/.vnc -> git working dir. That's not the case on all my machines, though; on some, $HOME/.vnc is actually a directory, hence the above setting should work for me either way.

dcommander commented 2 years ago

The TurboVNC Server stores everything user-specific in the VNC user directory, including the VNC password, X.509 certificates/keys, per-user configuration file, and session-specific log files and PID files. Thus, if a user symlinked ~/.vnc to a directory that was visible to other users of the machine, then their VNC password or X.509 credentials could be exposed. The design of the system is such that users are forced to modify the configuration file if they want to do what you're doing, which forces them to stop and think about it.

Personally, rather than use a symlink, I would just do something like this on all of the machines that need to share TurboVNC files:

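mkdir ~/.vnc
# A directory needs the owner execute bit to be entered; mode 600 would make the cd below fail
chmod 700 ~/.vnc
cd ~/.vnc
# The new directory must be a Git repository before a remote can be added
git init
git remote add origin {Git-repo-URL}/{path-to-VNC-user-directory-in-repo}
# A fresh repository has no upstream branch configured, so name the branch to pull
git pull origin {branch}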

Note that it doesn't make much sense to store anything except the password file and configuration file in Git. Everything else will be host-specific and ephemeral.
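The difference between lstat() and stat() discussed in this thread, as an added example that is not TurboVNC's own code: a small audit that reports when a VNC user directory is a symlink and whether the directory it resolves to is accessible to group or other. The function name, the finding strings, and the temporary directories in the demo are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_vnc_user_dir(path):
    """Return a list of findings for a VNC user directory; empty means OK."""
    findings = []
    try:
        link_info = os.lstat(path)   # describes the path itself, never its target
    except FileNotFoundError:
        return ["missing: " + path]
    if stat.S_ISLNK(link_info.st_mode):
        findings.append("symlink -> " + os.path.realpath(path))
    try:
        target = os.stat(path)       # follows symlinks, as the proposed change would
    except FileNotFoundError:
        return findings + ["dangling symlink"]
    if not stat.S_ISDIR(target.st_mode):
        findings.append("not a directory")
    if target.st_uid != os.geteuid():
        findings.append("owned by uid %d" % target.st_uid)
    if target.st_mode & 0o077:       # any group/other permission bit set
        findings.append("group/other access: mode %04o"
                        % stat.S_IMODE(target.st_mode))
    return findings

def demo():
    """Constructed sample: a private real directory vs. a symlink to a shared one."""
    base = tempfile.mkdtemp()
    private = os.path.join(base, "private_vnc")
    shared = os.path.join(base, "shared_repo")
    link = os.path.join(base, "linked_vnc")
    os.mkdir(private)
    os.chmod(private, 0o700)
    os.mkdir(shared)
    os.chmod(shared, 0o755)          # readable by other users, like a shared checkout
    os.symlink(shared, link)
    return audit_vnc_user_dir(private), audit_vnc_user_dir(link)

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

A stat()-only check sees the symlink as an ordinary directory, so only the lstat() call surfaces the redirection to a location whose permissions the user may not have reviewed.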