[X2Go-Dev] x2godesktopsharing: Full Access not available for other users?

Oleksandr Shneyder oleksandr.shneyder at obviously-nice.de
Mon Feb 20 09:32:31 CET 2012 

Am 19.02.2012 21:14, schrieb Milan Knížek:
> Hello list!
> 
> I am a bit confused re. the discrepancy between wiki and actual
> behaviour of x2godesktop sharing:
> 
> x the wiki [1] reads that 
>     With the desktopsharing function of X2go you can have full-access
>     the desktop from somebody else...
> 
> x when I (USER_B) connect from a remote machine with x2goclient to
> "local desktop" (USER_A logged in on tty7 of x2goserver), the
> USER_A's session is shown in the lists of sessions available for
> sharing, however the button "Full Access" is greyed-out and cannot be
> clicked. So USER_B is only allowed to view the USER_A's deskto.
> 
> x having looked at x2godesktopsharing.git/sharetray.cpp, I can see that
> this is due to "bShadow->SetEnabled ( user==getCurrentUname() );" and
> have verified that the following patch removes the limitation:
> 
> ===
> --- onmainwindow_part2.cpp<---->2011-11-25 13:08:10.000000000 +0100
> +++ onmainwindow_part2.cpp_mod<>2012-02-19 19:50:36.200838546 +0100
> @@ -1132,7 +1132,7 @@
>                           index.row(),
>                           D_USER ).data().toString();
>          bShadowView->setEnabled ( true );
> -        bShadow->setEnabled ( user==getCurrentUname() );
> +        bShadow->setEnabled ( true );
>      }
>  }
> 
> ===
> 
> Is this intentional behaviour due to the potential security issues
> mentioned here [2] (anyway, the remote user _can_ recompile the
> x2goagent to get rid of the limitation)?
> 
> 
> [1] http://www.x2go.org/wiki:components:desktop-sharing#usage
> [2]
> http://comments.gmane.org/gmane.linux.terminal-server.x2go.devel/2437
> 
> Regards,
> Milan
> 
> 

I have disabled it, because in my opinion, security risk was just to
high. At the moment, user can get full access only if connecting to his
own desktop. Actually, removing such check in x2goclient should not do
anything. This check is also included in x2gostartagent. Anyway, if in
future we want to enable such feature, we should also modify
x2godesktopsharing and ask user if he give to other people a full or
"only view" access. With big, fat, red warning.

regards
-- 
Oleksandr Shneyder
Dipl. Informatik
X2go Core Developer Team

email:  oleksandr.shneyder at obviously-nice.de
web: www.obviously-nice.de

--> X2go - everywhere at home

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120220/e374e5a1/attachment.pgp>

More information about the x2go-dev mailing list