[X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Wed Aug 7 11:43:38 CEST 2013


control: tag -1 moreinfo
control: tag -1 not-a-bug
control: tag -1 wontfix

On Wed 07 Aug 2013 07:36:18 CEST David Fuhrmann wrote:

> I just noticed that x2goserver allows connecting to ALL running X
> sessions on the target machine, using "connect to local desktop".
> These might be logged in local users, or NX sessions which were not
> terminated correctly. This is especially bad in the latter case,
> as the screen is not locked here, normally.
>
> This is a HUGE security leak, as now all users are able to access  
> data of the other users, and hinder them from working by  
> manipulating current sessions.
>
> Normal remote desktop software should BLOCK such access by default,  
> and only allow it when the user explicitly requested it or  
> configured it so.

I just tested this to be really sure that this is a not-a-bug report...

What you describe only works for the same login!!!! So if my user  
(sunweaver) logs in locally to an X-Session and "sunweaver" then  
connects via X2Go to connect to a local X session then I can access my  
__own__ local X sessions.

However, I cannot access other users' sessions unless they grant  
access via the X2Go Desktop Sharing utility.

Please re-test and re-confirm or post a message that states that the  
mistake was on your part.

Thanks+Greets,
Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb