Template Version: @(#)onepager.txt 1.35 07/11/07 SMI
Copyright 2007 Sun Microsystems

1. Introduction
   1.1. Project/Component Working Name:
        rdesktop

   1.2. Name of Document Author/Supplier:
        Michal Pryc

   1.3. Date of This Document:
        02/05/08

        1.3.1. Date this project was conceived:
               07/15/99

   1.4. Name of Major Document Customer(s)/Consumer(s):
        1.4.1. The PAC or CPT you expect to review your project:
               Solaris PAC
        1.4.2. The ARC(s) you expect to review your project:
               LSARC
        1.4.3. The Director/VP who is "Sponsoring" this project:
               robert.odea@sun.com
        1.4.4. The name of your business unit:
               OPG / OpenSource.

   1.5. Email Aliases:
        1.5.1. Responsible Manager: leo.binchy@sun.com
        1.5.2. Responsible Engineer: michal.pryc@sun.com
        1.5.3. Marketing Manager: dan.roberts@sun.com
        1.5.4. Interest List: desktop-discuss@opensolaris.org

4. Technical Description:
   4.1. Details:
        rdesktop is an open source client for the Remote Desktop
        Protocol (RDP), used in a number of Microsoft products like
        Windows NT Terminal Server, Windows Server 2000/2003,
        Windows XP and Windows Vista.

        Please note that Microsoft, Windows NT, Windows Server and
        Windows Vista are all registered trademarks of Microsoft
        Corporation in the United States and other countries.

        rdesktop uses encryption algorithms provided by OpenSSL, the
        open source toolkit for SSL/TLS.

        rdesktop is licensed under the GNU General Public License,
        with the additional exemption that compiling, linking, and/or
        using OpenSSL together with this software is allowed.

        The package consists of a single installed binary,
        /usr/bin/rdesktop, a manpage and localized keymaps.

        This proposal adds version 1.5.0, the latest stable release.

        The rdesktop program supports the following options:

        Usage: rdesktop [options] server[:port]
           -u: user name
           -d: domain
           -s: shell
           -c: working directory
           -p: password (- to prompt)
           -n: client hostname
           -k: keyboard layout on server (en-us, de, sv, etc.)
           -g: desktop geometry (WxH)
           -f: full-screen mode
           -b: force bitmap updates
           -L: local codepage
           -A: enable SeamlessRDP mode
           -B: use BackingStore of X-server (if available)
           -e: disable encryption (French TS)
           -E: disable encryption from client to server
           -m: do not send motion events
           -C: use private colour map
           -D: hide window manager decorations
           -K: keep window manager key bindings
           -S: caption button size (single application mode)
           -T: window title
           -N: enable numlock syncronization
           -X: embed into another window with a given id.
           -a: connection colour depth
           -z: enable rdp compression
           -x: RDP5 experience (m[odem 28.8], b[roadband], l[an] or hex nr.)
           -P: use persistent bitmap caching
           -r: enable specified device redirection (this flag can be repeated)
                 '-r comport:COM1=/dev/ttyS0': enable serial redirection of /dev/ttyS0 to COM1
                     or      COM1=/dev/ttyS0,COM2=/dev/ttyS1
                 '-r disk:floppy=/mnt/floppy': enable redirection of /mnt/floppy to 'floppy' share
                     or   'floppy=/mnt/floppy,cdrom=/mnt/cdrom'
                 '-r clientname=': Set the client name displayed
                     for redirected disks
                 '-r lptport:LPT1=/dev/lp0': enable parallel redirection of /dev/lp0 to LPT1
                     or      LPT1=/dev/lp0,LPT2=/dev/lp1
                 '-r printer:mydeskjet': enable printer redirection
                     or      mydeskjet="HP LaserJet IIIP" to enter server driver as well
                 '-r sound:[local|off|remote]': enable sound redirection
                     remote would leave sound on server
                 '-r clipboard:[off|PRIMARYCLIPBOARD|CLIPBOARD]': enable clipboard
                     redirection.
                     'PRIMARYCLIPBOARD' looks at both PRIMARY and CLIPBOARD
                     when sending data to server.
                     'CLIPBOARD' looks at only CLIPBOARD.
           -0: attach to console
           -4: use RDP version 4
           -5: use RDP version 5 (default)

   4.2. Bug/RFE Number(s):
        None.

   4.3. In Scope:
        See above.

   4.4. Out of Scope:
        See above.

   4.5. Interfaces:

        --------------------------------------------------------------------
        Exported          Stability      Comments
        --------------------------------------------------------------------
        SUNWrdesktop      Uncommitted    Package name
        rdesktop          Volatile       CLI
        rdesktop.1        Volatile       Manpage

        --------------------------------------------------------------------
        Imported          Stability      Comments
        --------------------------------------------------------------------
        OpenSSL           Contracted*    SUNWopenssl-libraries
                          External       PSARC 2003/500

        *Note: the contract for this interface is in process at the
        filing of this case.

   4.6. Doc Impact:
        New manpage, rdesktop.1.

   4.7. Admin/Config Impact:
        This tool might be used by administrators who want to control
        their Windows machines with Remote Desktop enabled.

   4.8. HA Impact:
        None.

   4.9. I18N/L10N Impact:
        The JDS team and the G11N team are working together to
        evaluate and provide I18N/L10N support.

   4.10. Packaging & Delivery:
        Adds new package, SUNWrdesktop, approx 388 KB.
        Package will only go into SUNWCall and SUNWCXall clusters.

   4.11. Security Impact:
        Some implementations (pre-version 6.0) of Microsoft RDP
        (Remote Desktop Protocol) are vulnerable to man-in-the-middle
        attacks. This does not affect the client system: an attacker
        will not be able to affect the system running rdesktop.

        Built-in RDP encryption uses RSA Security's RC4 symmetric
        encryption algorithm, which provides three levels of security:

        - Low, which encrypts only the data flowing from client to
          server, using either a 40 or 56-bit key, depending on the
          client version.
        - Medium, which uses bi-directional encryption with a 40 or
          56-bit key, depending on the client version.
        - High, which uses bi-directional encryption with a 128-bit
          key.

   4.12. Dependencies:
        The following versions of the imported interfaces are
        required:

        OpenSSL >= 0.9.8

5. Reference Documents:
        PSARC 2006/019: OpenSSL upgrade to 0.9.8a

        rdesktop homepage:
        http://www.rdesktop.org

        rdesktop.1 manpage to be included with proposal

        SecuriTeam Microsoft RDP MITM Vulnerability:
        http://www.securiteam.com/windowsntfocus/5EP010KG0G.html

        Microsoft Trademarks:
        http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx
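
An added example, not part of the original proposal or of rdesktop itself: a shell function that checks an rdesktop argument list (for instance from a wrapper script) against the options in 4.1 that switch off the encryption described in 4.11 (-e, -E), carry a literal password instead of '-p -', or share a local path with the server (-r disk:). It assumes every option is written as a separate word; which options take a value is inferred from the usage text, and the finding labels, host name and password are constructed for the example.

```shell
#!/bin/sh
# Added example: audit an rdesktop argument list for risky options.
# Prints one finding per issue; returns 0 if clean, 1 otherwise.
# Finding labels (ENCRYPTION_OFF, ...) are invented for this example.
audit_rdesktop_args() {
    findings=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -e)
                echo "ENCRYPTION_OFF: -e disables RDP encryption"
                findings=$((findings + 1)) ;;
            -E)
                echo "ENCRYPTION_C2S_OFF: -E disables client-to-server encryption"
                findings=$((findings + 1)) ;;
            -p)
                # '-p -' prompts for the password; any other value is a literal
                if [ $# -gt 1 ] && [ "$2" != "-" ]; then
                    echo "PASSWORD_IN_ARGS: literal password after -p; use '-p -'"
                    findings=$((findings + 1))
                fi
                [ $# -gt 1 ] && shift ;;
            -r)
                case "${2-}" in
                    disk:*)
                        echo "DISK_REDIRECT: '$2' shares a local path with the server"
                        findings=$((findings + 1)) ;;
                esac
                [ $# -gt 1 ] && shift ;;
            -[udscnkgLSTXax])
                # Assumed to take a value (per the usage text): skip the value
                # so that it is never mistaken for an option.
                [ $# -gt 1 ] && shift ;;
        esac
        shift
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample invocation (host name and password are made up).
audit_rdesktop_args -u admin -p 'Secret1' -e -r disk:home=/export/home \
    ts.example.com:3389 || true
```

The function's exit status lets a wrapper refuse to start rdesktop when any finding is printed.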