[X2go-dev] X2go is insecure
Reinhard Tartler
siretart at tauware.de
Tue Mar 29 16:33:25 CEST 2011
On Tue, Mar 29, 2011 at 15:35:32 (CEST), Dick Kniep wrote:
> The problem is caused by the fact that the x2go server does not restrict
> the commands that can be entered thru ssh. This is bad, but what is
> worse, is that the X2go clients actually use this security hole to start
> any command it needs.
I don't get this. In the default setup, x2go is used to provide a full
desktop environment like Gnome or KDE. There, I can of open some
terminal emulator and also execute arbitrary commands like 'rm -rf *'.
What you explain would make sense in a locked-down kiosk-like environment.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
More information about the x2go-dev
mailing list