[X2Go-Dev] Bug#354: Bug#354: Things you should know about X

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Mon Dec 9 09:02:56 CET 2013


Hi Stefan,

On Sun 08 Dec 2013 21:10:57 CET, Stefan Baur wrote:

> On 08.12.2013 21:05, Nable 80 wrote:
>> One should notice that without root ( who would give root access to
>> generic employee? except (possibly) on his workstation) you still
>> cannot access other users' cookies (except cases when one have too
>                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> wide permissions or known vulnerabilities with privilege escalation),
>   ^^^^^^^^^^^^^^^^
>> so you cannot grab their X sessions, can you?
>
> And here we are again at "Hey, $FOO doesn't work, I'll just do chmod  
> -R 777 * and see if that makes it work."
>
> Plus, the rogue employee may as well be the admin, and thus have  
> root rights on the machine where you're logged in.
>
> -Stefan

For X2Go we must assume that the root user is a trustworthy person.  
Otherwise we are completely lost.

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb