x2go-dev August 2013

x2go-dev@lists.x2go.org

12 participants
79 discussions

Bug#199: X2Go issue (in src:nx-libs) has been marked as closed
by Mike Gabriel 30 Aug '13

30 Aug '13

close #199 thanks Hello, we are very hopeful that X2Go issue #199 reported by you has been resolved in the new release (2:3.5.0.21) of the X2Go source project »src:nx-libs«. You can view the complete changelog entry of src:nx-libs (2:3.5.0.21) below, and you can use the following link to view all the code changes between this and the last release of src:nx-libs. http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=1102c6c766cfca9136… If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:nx-libs. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:nx-libs Version: 2:3.5.0.21 Status: RELEASE Date: Fri, 30 Aug 2013 16:18:04 +0200 Fixes: 199 223 238 293 Changes: nx-libs (2:3.5.0.21-0) RELEASED; urgency=low . [ Mike Gabriel ] * Provide a default keystrokes.cfg in /etc/nx (for nxagent) and /etc/x2go (for x2goagent). (Fixes: #199). * Use a keystrokes.cfg that reflects the normally hard-coded defaults of a vanilla nxagent. (Fixes: #223). * Set NXAGENT_KEYSTROKEFILE to /etc/x2go/keystrokes.cfg for wrapper x2goagent. * For vanilla nxagent move keystrokes.cfg from /etc/nx to /etc/nxagent. * Tarball roller script: + Only install keystrokes.cfg when in full mode. + Only install nxproxy wrapper when in lite mode. * /debian/control: + Add B-Ds: libfontconfig1-dev, libfontenc-dev. * /debian/nx-libs-dev.install: + Remove unrelated files from -dev package. * Fix keystrokes.cfg, use Ctrl+Alt+<key> instead of just Ctrl+<key>. (Adds to fixing #223). . [ Orion Poplawski ] * Change build options so that bundled libraries are not used anymore at build time. Remove bundled libraries from rolled tarballs, as well. (Fixes: #238). * Add patch: 602_nx-X11_initgroups.full.patch. Fix calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. (Fixes: #293).

2 1

Re: [X2Go-Dev] x2goserver packaging questions
by Mike Gabriel 30 Aug '13

30 Aug '13

HI Orion, I re-include x2go-dev, I hope that's ok. On Fr 30 Aug 2013 00:51:18 CEST Orion Poplawski wrote: > So: > > - Why split out -compat? Doesn't seem to add any dependencies. Not necessarily needed. /me thinks about removing the compat commands completely, as they have been obsolete for more then 3 years now. > - Why split out -extensions? Okay, does pull x11-xkb-utils which > isn't otherwise required, but it appears to be recommended that you > have it. rpm doesn't have the concept of "Recommends" or > "Suggests", just hard dependencies. In some setups, the site admin may decide to leave it uninstalled. (Or rather: to uninstall it after it got pulled in via Recommends: field in /debian/control). Also, removing x2goserver-extensions may ease the X2Go Server debugging in some occasions. > - Why split out -xsession? Adds dep on x11-common which appears to > not be otherwise required. Only suggested. The -xsession package is only necessary for people providing a full screen desktop shell. For people providing SaaS the -xsession package is not needed. And x11-common is normally not needed for X2Go functionality. We hook into the system's Xsession scripts (via symlinking), so that's why we depend on x11-common here. > - Why split out -fmbindings? Adds deps on xdg-utils, > desktop-file-utils (although for Fedora, this is not required, but > xdg-utils requires it). Although it seems nearly impossible to > install almost any desktop without xdg-utils (lxde and xfce seem to > require it), and it is tiny and has few dependencies. Instead of x2goserver-fmbindings people can use x2go*bindings. Also site admins may not want to add desktop icon support for locally shared folders. > - Why split out -pyhoca? Does not appear to add any dependencies. > Doesn't appear to do anything as far as I can see. The -pyhoca package is deprecated. It stems from a time when I was to shy to add functionalty to the x2goserver core package when I needed it for pyhoca-gui. This shyness is obviously gone... I will remove the x2goserver-pyhoca package in some future release completely. So ignore it. > I already split out -printing, although I'm not sure that added much > (perl(File::Basename), perl(File::Copy)), so that might have been > silly. So, I guess I could see splitting out -xsession and possibly > -fmbindings, but that's about it. Splitting out printing is a must IMHO as it creates a separate user:group (x2goprint:x2goprint). > Looking at dependencies: > > - lsof - from x2goshowblocks: > > my @outp=dbsys_getmounts( $id); > for (my $i=0;$i<@outp;$i++) > { > my $path=(split("\|",@outp[$i]))[1]; > print `su $uname -c "lsof 2>/dev/null | grep $path"`; > } > > Hmm, it's inefficient if there are more than one mount entries, but > otherwise I don't see a better way of doing it off hand. But this I > could actually imagine going into a utils/debug package. Unless it > is used for something else? Yeah. This can surely be improved. > - bc - from x2goruncommand > > echo "$DISTRIB_RELEASE >= 11.10" | bc > > Actually, not that much on my machine depends on bc. Since > x2goserver already depends on perl, I'd be tempted to use that > instead: > > perl -e "print $DISTRIB_RELEASE >= 11.10" As the x2goruncommand should be turned into Perl at some time later, I will be happy to accept a tested patch for this. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

1 0

Bug#223: X2Go issue (in src:nx-libs) has been marked as pending for release
by Mike Gabriel 29 Aug '13

29 Aug '13

tag #223 pending fixed #223 2:3.5.0.21 thanks Hello, X2Go issue #223 (src:nx-libs) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=13f2b57 The issue will most likely be fixed in src:nx-libs (2:3.5.0.21). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 13f2b57d421b6a5ee71effaa6e5da17b1554ac4e Author: Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de> Date: Thu Aug 29 22:58:19 2013 +0200 Fix keystrokes.cfg, use Ctrl+Alt+<key> instead of just Ctrl+<key>. (Adds to fixing #223). diff --git a/debian/changelog b/debian/changelog index b523ee1..401f334 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,8 @@ nx-libs (2:3.5.0.21-0) UNRELEASED; urgency=low + Add B-Ds: libfontconfig1-dev, libfontenc-dev. * /debian/nx-libs-dev.install: + Remove unrelated files from -dev package. + * Fix keystrokes.cfg, use Ctrl+Alt+<key> instead of just Ctrl+<key>. (Adds to + fixing #223). [ Orion Poplawski ] * Change build options so that bundled libraries are not used anymore at

2 1

Bug#293: X2Go issue (in src:nx-libs) has been marked as pending for release
by Mike Gabriel 29 Aug '13

29 Aug '13

tag #293 pending fixed #293 2:3.5.0.21 thanks Hello, X2Go issue #293 (src:nx-libs) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=0946b43 The issue will most likely be fixed in src:nx-libs (2:3.5.0.21). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 0946b437570dea31365790d5cbf39c39f1b59c02 Author: Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de> Date: Thu Aug 29 22:24:26 2013 +0200 Add patch: 602_nx-X11_initgroups.full.patch. Fix calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. (Fixes: #293). diff --git a/debian/changelog b/debian/changelog index 2242a75..b523ee1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -19,6 +19,11 @@ nx-libs (2:3.5.0.21-0) UNRELEASED; urgency=low * Change build options so that bundled libraries are not used anymore at build time. Remove bundled libraries from rolled tarballs, as well. (Fixes: #238). + * Add patch: 602_nx-X11_initgroups.full.patch. Fix calling setuid and setgid + without setgroups or initgroups. There is a high probability this means it + didn't relinquish all groups, and this would be a potential security issue + to be fixed. Seek POS36-C on the web for details about the problem. (Fixes: + #293). -- Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de> Thu, 28 Mar 2013 21:07:42 +0100

2 1

setuid/setgid in libXcomp
by Orion Poplawski 29 Aug '13

29 Aug '13

Can anyone explain to my why libXcomp calls setgid/setuid in Pipe.cpp:Popen() after calling fork()? It also isn't checking the results of the call, but I'm really not sure why the calls are there in the first place. switch (pid = Fork()) { ... case 0: { // // Child. // setgid(getgid()); setuid(getuid()); Nothing is running as a setuid/setgid process is it? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion(a)nwra.com Boulder, CO 80301 http://www.nwra.com

3 6

Bug#293: Use initgroups() to initialize group access list
by Orion Poplawski 29 Aug '13

29 Aug '13

Package: nx-libs Tags: patch The Fedora review of nx-libs caught the following rpmlint issue: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Ref POS36-C: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Obser… This patch adds initgroups() calls to code to initialize the supplemental group list. I'm done some minimal testing (can connect to a session with client and server running this code), but I'm note sure how much that exercised it. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion(a)nwra.com Boulder, CO 80301 http://www.nwra.com

1 0

Automating the installation of the X2Go-TCE
by Arnold Krille 29 Aug '13

29 Aug '13

Hi all, I spent most of yesterdays working hours automating the setup of a TCE-nfs+tftp server. We use Chef (www.opscode.com) for that. And I will most likely publish the cookbook/recipe soon. The main reason I started this is that we want to automate more and more of the setup. And thus ease setting up our customers systems. Two problems I encountered: 1) The x2gothinclient_create skript assumes interactive usage and has no option of running non-interactive. I adopted this by removing the single "read" (so it doesn't anymore ask for confirmation and by trying to set the locale without running "dpkg-reconfigure locales". So that part worked. 2) I got the client-machines (tested with a virtual machine and checked with an atom-based netbook) to boot of the pxe+tftp+nfs as wanted and am presented with x2goclient. But on the way there, the mouse and keyboard are lost and motivation on friday just before the weekend got a little low-point. Any tips where to look at what happened? Keyboard and mouse seem to be gone for good, I could neither move the pointer nor enter anything in x2goclient. Also I couldn't do Ctrl+Alt+F1 to switch to a text-console. I also copied the x2gothinclient_shell-skript to create an x2gothinclient_execute which takes arguments and just executes these inside the tce-chroot instead of running an interactive bash. I don't know whether that is something I should prepare a patch for x2go for? It sure is very great for example for installing the kernel inside the chroot from the chef-recipe. And probably for other stuff I didn't yet need. Have a nice weekend, Arnold

2 1

Bug#292: New wiki account for Stefan Radermacher
by Mike Gabriel 29 Aug '13

29 Aug '13

Control: close -1 Hi Stefan, On Do 29 Aug 2013 10:50:21 CEST Stefan Radermacher wrote: > Package: wiki.x2go.org > > Please create a wiki account for me. > > First name: Stefan > Last name: Radermacher > Account name: Zaister > Account has been created. You should have received a separate mail with your login credentials. Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

1 0

Downtime code.x2go.org
by Mike Gabriel 29 Aug '13

29 Aug '13

Hi, the system hosting the Virtual Hosts (httpd) code.x2go.org packages.x2go.org has a short downtime atm. One hard drive feels buggy, so I do a reboot on the whole virtual hosting server followed by some test and maybe eventually a replacement of the buggy hard drive. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

2 2

Bug#290: SSH key based authentication problems
by Mike Gabriel 28 Aug '13

28 Aug '13

Package: x2goclient Tags: confirmed Version: 4.0.1.0 Severity: important x-debbugs-cc: software(a)matthiaskauer.com I myself have also observed the issue reported by Matthias. Adding this as a bug. This should get fixed before the release of 4.0.1.1. Mike ----- Weitergeleitete Nachricht von software(a)matthiaskauer.com ----- Datum: Mon, 26 Aug 2013 23:54:55 +0200 Von: Matthias Kauer <software(a)matthiaskauer.com> Betreff: [X2Go-User] Login via ~/.ssh/authorized_keys fails An: x2go-user(a)lists.berlios.de Hi, I am looking for input on how to set up an ssh key-based authentication. I generated an RSA key pair with puttygen and added it to ~/.ssh/authorized_keys2 => confirmed that I can login with putty. Now, I specify the same private key in x2goclient (windows). I enter my password and I am then prompted for the password of the ssh key. I enter it and the same ssh key password prompt reappears. This seems to be an infinite loop. When I cancel it, I get a message saying that only publickey is supported as login method (which corresponds to my sshd_config settings). I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair. putty still works as expected with both of these alternatives. x2goclient still shows the same problems however. It only lets me login if I adapt my sshd_config and authenticate via user / password combination. Is this a known limitation? What is the best way to achieve high security? Can I limit the x2go connections to only LAN IPs (without restricting the pure ssh connections)? Best Wishes, Matthias Kauer _______________________________________________ X2Go-User mailing list X2Go-User(a)lists.berlios.de https://lists.berlios.de/mailman/listinfo/x2go-user ----- Ende der weitergeleiteten Nachricht ----- -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…

3 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

x2go-dev August 2013