From: igor@9lab.org
To: 9front@9front.org
Cc: ori@eigenstate.org, igor@lab.org, unobe@cpan.org
Subject: Re: [9front] cmd/vnc: enable connecting to recent Darwin releases (patch)
Date: Sat, 25 Sep 2021 23:04:12 +0200
Message-ID: <2CF3F3480387891CA0B470F06B562914@9lab.org>
In-Reply-To: <025882E34BB769F0DFE94E4EC294FD86@eigenstate.org>
[-- Attachment #1: Type: text/plain, Size: 1816 bytes --]
Quoth ori@eigenstate.org:
> Quoth unobe@cpan.org:
[…]
> > I don't know if it's appropriate to mention in the man page that the
> > connection to OS X cannot be encrypted, so tunneling w/ssh is advised.
[…]
> It's worth mentioning that vnc auth in general is
> a joke, and some other mechanism, like sshnet,
> should be used for encryption.
Attached is a patch (git/import) that incorporates the modification to
vnc/auth.c enabling connections to Darwin hosts, as well as the
suggestions made to improve /sys/man/1/vnc.
Here is the inline version:
<snip>
From: Igor Böhm <igor@9lab.org>
Date: Sat, 25 Sep 2021 20:40:47 +0000
Subject: [PATCH] vncv: enable connecting to Darwin hosts
Tested on MacOS Catalina and Big Sur releases.
Update man page to highlight weak encryption of vnc, recommending to
tunnel via ssh (thanks unobe).
---
diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43
--- a/sys/man/1/vnc Sat Sep 25 18:57:58 2021
+++ b/sys/man/1/vnc Sat Sep 25 22:40:47 2021
@@ -201,9 +201,12 @@
If the remote frame buffer is larger than the local screen,
only the upper left corner can be accessed.
.PP
+.I Vncs
+and
+.I vncv
+encryption is not secure. It's advisable to tunnel through
+ssh or some other secure protocol.
+.PP
.I Vncv
does no verification of the TLS certificate presented
by the server.
-.PP
-.I Vncv
-supports only version 3.3 of the RFB protocol.
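Review bot: The added sentence "encryption is not secure" does not say which mechanism it means, and it sits directly above the paragraph about TLS certificates, so a reader cannot tell whether it refers to VNC authentication, the TLS mode, or both. Consider naming the weak part explicitly (the thread's concern is VNC auth and the connection to OS X that cannot be encrypted) and pointing at a concrete tool such as sshnet, as suggested in the review, instead of "ssh or some other secure protocol".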
--- a/sys/src/cmd/vnc/auth.c Sat Sep 25 18:57:58 2021
+++ b/sys/src/cmd/vnc/auth.c Sat Sep 25 22:40:47 2021
@@ -33,6 +33,8 @@
v->vers = 37;
else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
v->vers = 38;
+ else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0)
+ v->vers = 38; /* Darwin */
else /* RFC6143: Any other should be treated as 3.3. */
v->vers = 33;
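Review bot: The new 003.889 branch needs a fuller comment than /* Darwin */, because it is an exception to the rule stated in the comment two lines below it (RFC6143: any other version is treated as 3.3). Say why this string is handled as 3.8 rather than falling through to 33, so a later cleanup does not fold it back into the default case.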
<snap>
Cheers,
Igor
[-- Attachment #2: vnc.darwin.patch --]
[-- Type: text/plain, Size: 1239 bytes --]
From: Igor Böhm <igor@9lab.org>
Date: Sat, 25 Sep 2021 20:40:47 +0000
Subject: [PATCH] vncv: enable connecting to Darwin hosts
Tested on MacOS Catalina and Big Sur releases.
Update man page to highlight weak encryption of vnc, recommending to
tunnel via ssh (thanks ori, unobe).
---
diff 235ef367d793db705b1b4ef20913c697eccd13a6 8abecdeed7f761e5a502bd1500ebbf2bc4962b43
--- a/sys/man/1/vnc Sat Sep 25 18:57:58 2021
+++ b/sys/man/1/vnc Sat Sep 25 22:40:47 2021
@@ -201,9 +201,12 @@
If the remote frame buffer is larger than the local screen,
only the upper left corner can be accessed.
.PP
+.I Vncs
+and
+.I vncv
+encryption is not secure. It's advisable to tunnel through
+ssh or some other secure protocol.
+.PP
.I Vncv
does no verification of the TLS certificate presented
by the server.
-.PP
-.I Vncv
-supports only version 3.3 of the RFB protocol.
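Review bot: The removal of "supports only version 3.3 of the RFB protocol" at the end of this hunk is not mentioned in the commit message, which only describes the encryption warning. Either mention it there or replace the sentence with the versions vncv now accepts, so the man page still documents protocol support.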
--- a/sys/src/cmd/vnc/auth.c Sat Sep 25 18:57:58 2021
+++ b/sys/src/cmd/vnc/auth.c Sat Sep 25 22:40:47 2021
@@ -33,6 +33,8 @@
v->vers = 37;
else if(strncmp(msg, "RFB 003.008\n", VerLen) == 0)
v->vers = 38;
+ else if(strncmp(msg, "RFB 003.889\n", VerLen) == 0)
+ v->vers = 38; /* Darwin */
else /* RFC6143: Any other should be treated as 3.3. */
v->vers = 33;
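Review bot: The 003.889 branch sets v->vers = 38, but which version string the client then sends back to the server is outside this hunk. It is worth confirming, and recording in the commit message, whether the reply is the 3.8 string or the server's own 003.889, since the message only states that Catalina and Big Sur were tested.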