tag #293 pending
fixed #293 2:3.5.0.21
thanks
Hello,
X2Go issue #293 (src:nx-libs) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:
http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=0946b43
The issue will most likely be fixed in src:nx-libs (2:3.5.0.21).
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
commit 0946b437570dea31365790d5cbf39c39f1b59c02
Author: Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de>
Date: Thu Aug 29 22:24:26 2013 +0200
Add patch: 602_nx-X11_initgroups.full.patch. Fix calling setuid and setgid without setgroups or initgroups. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. (Fixes: #293).
diff --git a/debian/changelog b/debian/changelog
index 2242a75..b523ee1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,6 +19,11 @@ nx-libs (2:3.5.0.21-0) UNRELEASED; urgency=low
* Change build options so that bundled libraries are not used anymore at
build time. Remove bundled libraries from rolled tarballs, as well. (Fixes:
#238).
+ * Add patch: 602_nx-X11_initgroups.full.patch. Fix calling setuid and setgid
+ without setgroups or initgroups. There is a high probability this means it
+ didn't relinquish all groups, and this would be a potential security issue
+ to be fixed. Seek POS36-C on the web for details about the problem. (Fixes:
+ #293).
-- Mike Gabriel <mike.gabriel(a)das-netzwerkteam.de> Thu, 28 Mar 2013 21:07:42 +0100
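Review bot: the added entry under nx-libs (2:3.5.0.21-0) carries over the rpmlint wording, so "it didn't relinquish all groups" has no subject, and the entry never says which of setgroups or initgroups the patch uses or which code calls setuid/setgid. Suggest naming the affected component and the call that was added, and keeping the POS36-C pointer as the reference. The diff as shown here touches only debian/changelog, so the patch file 602_nx-X11_initgroups.full.patch that the entry announces cannot be checked against it.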
Can anyone explain to me why libXcomp calls setgid/setuid in Pipe.cpp:Popen()
after calling fork()? It also isn't checking the results of the call, but I'm
really not sure why the calls are there in the first place.
  switch (pid = Fork())
  {
    ...
    case 0:
    {
      //
      // Child.
      //
      setgid(getgid());
      setuid(getuid());
Nothing is running as a setuid/setgid process is it?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 http://www.nwra.com
Package: nx-libs
Tags: patch
The Fedora review of nx-libs caught the following rpmlint issue:
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this mean it didn't relinquish all groups, and this
would be a potential security issue to be fixed. Seek POS36-C on the web for
details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Obser…
This patch adds initgroups() calls to code to initialize the supplemental
group list.
I've done some minimal testing (can connect to a session with client and server
running this code), but I'm not sure how much that exercised it.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 http://www.nwra.com
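Added example, not part of the original mails and not the nx-libs patch: the drop sequence the rpmlint warning asks for, with the supplementary group list reset first and every return value checked (the unchecked calls are what the Pipe.cpp question above points at). drop_privileges and the drop_result codes are hypothetical names.

```c
#define _DEFAULT_SOURCE           /* initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_EGROUPS, DROP_EGID, DROP_EUID, DROP_EREGAIN };

/*
 * Permanently switch the calling process to user/uid/gid (hypothetical helper).
 * The order is fixed by what each step needs:
 *   1. initgroups(): replace the supplementary group list; needs privilege
 *   2. setgid():     still needs privilege
 *   3. setuid():     last, because afterwards steps 1 and 2 would fail
 * Every result is checked; on anything but DROP_OK the caller must not go on.
 */
enum drop_result drop_privileges(const char *user, uid_t uid, gid_t gid)
{
    if (initgroups(user, gid) != 0)
        return DROP_EGROUPS;
    if (setgid(gid) != 0)
        return DROP_EGID;
    if (setuid(uid) != 0)
        return DROP_EUID;
    /* The drop must be irreversible: getting root back has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_EREGAIN;
    return DROP_OK;
}

int main(void)
{
    /* Constructed demo: drop to the invoking user's own account. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL) {
        fprintf(stderr, "no passwd entry for uid %ld\n", (long)getuid());
        return 1;
    }
    enum drop_result r = drop_privileges(pw->pw_name, pw->pw_uid, pw->pw_gid);
    if (r != DROP_OK) {
        /* Without privilege initgroups() fails with EPERM and we stop here. */
        fprintf(stderr, "privilege drop failed at step %d\n", (int)r);
        _exit(1);
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Run without privilege, the demo stops at the initgroups() step instead of carrying on with the old group list, which is the behaviour the unchecked setgid()/setuid() pair lacks.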
Hi all,
I spent most of yesterday's working hours automating the setup of a
TCE-nfs+tftp server. We use Chef (www.opscode.com) for that. And I will
most likely publish the cookbook/recipe soon. The main reason I started
this is that we want to automate more and more of the setup. And thus
ease setting up our customers' systems.
Two problems I encountered:
1) The x2gothinclient_create script assumes interactive usage and has
no option of running non-interactive. I adapted this by removing the
single "read" (so it doesn't anymore ask for confirmation) and by trying
to set the locale without running "dpkg-reconfigure locales". So that
part worked.
2) I got the client-machines (tested with a virtual machine and checked
with an atom-based netbook) to boot off the pxe+tftp+nfs as wanted and am
presented with x2goclient. But on the way there, the mouse and keyboard
are lost and motivation on Friday just before the weekend got a little
low-point. Any tips where to look at what happened? Keyboard and mouse
seem to be gone for good, I could neither move the pointer nor enter
anything in x2goclient. Also I couldn't do Ctrl+Alt+F1 to switch to a
text-console.
I also copied the x2gothinclient_shell-script to create an
x2gothinclient_execute which takes arguments and just executes these
inside the tce-chroot instead of running an interactive bash. I don't
know whether that is something I should prepare a patch for x2go for? It
sure is very great for example for installing the kernel inside the
chroot from the chef-recipe. And probably for other stuff I didn't yet
need.
Have a nice weekend,
Arnold
Control: close -1
Hi Stefan,
On Thu 29 Aug 2013 10:50:21 CEST Stefan Radermacher wrote:
> Package: wiki.x2go.org
>
> Please create a wiki account for me.
>
> First name: Stefan
> Last name: Radermacher
> Account name: Zaister
>
Account has been created. You should have received a separate mail
with your login credentials.
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
Hi,
the system hosting the Virtual Hosts (httpd)
code.x2go.org
packages.x2go.org
has a short downtime atm. One hard drive feels buggy, so I do a reboot
on the whole virtual hosting server followed by some tests and maybe
eventually a replacement of the buggy hard drive.
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
Package: x2goclient
Tags: confirmed
Version: 4.0.1.0
Severity: important
x-debbugs-cc: software(a)matthiaskauer.com
I myself have also observed the issue reported by Matthias. Adding
this as a bug. This should get fixed before the release of 4.0.1.1.
Mike
----- Forwarded message from software(a)matthiaskauer.com -----
Date: Mon, 26 Aug 2013 23:54:55 +0200
From: Matthias Kauer <software(a)matthiaskauer.com>
Subject: [X2Go-User] Login via ~/.ssh/authorized_keys fails
To: x2go-user(a)lists.berlios.de
Hi,
I am looking for input on how to set up an ssh key-based authentication.
I generated an RSA key pair with puttygen and added it to
~/.ssh/authorized_keys2 => confirmed that I can login with putty.
Now, I specify the same private key in x2goclient (windows). I enter my
password and I am then prompted for the password of the ssh key. I enter
it and the same ssh key password prompt reappears. This seems to be an
infinite loop. When I cancel it, I get a message saying that only
publickey is supported as login method (which corresponds to my
sshd_config settings).
I then tried renaming ~/.ssh/authorized_keys and using a DSA key pair.
putty still works as expected with both of these alternatives.
x2goclient still shows the same problems however. It only lets me login
if I adapt my sshd_config and authenticate via user / password combination.
Is this a known limitation?
What is the best way to achieve high security? Can I limit the x2go
connections to only LAN IPs (without restricting the pure ssh connections)?
Best Wishes,
Matthias Kauer
_______________________________________________
X2Go-User mailing list
X2Go-User(a)lists.berlios.de
https://lists.berlios.de/mailman/listinfo/x2go-user
----- End of forwarded message -----
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
Hi all,
currently we have two releases pending: X2Go Client and PyHoca-GUI.
Both projects are still hoping for people working on their translations:
X2Go Client: -> Russian translation (Alex? Nable?)
PyHoca-GUI: -> Dutch translation (Anyone?)
The Dutch translator for PyHoca-GUI is currently on vacation, so maybe
someone else can jump in?
I will release those versions on 26th August (Monday next week) if no
more translations come in.
If you have any questions on X2Go translation work, please contact me
personally (or subscribe to x2go-i18n ML [1] right away and ask there).
Furthermore, we have a couple of translations incomplete. Thanks to
those who provided the work in the first place!!! However, I hope that
there are people on our mailing lists who feel entitled to continue
the work:
X2Go Client: French, Chinese/Taiwan (zh_tw)
PyHoca-GUI: French
If you run your computer in your local language and X2Go Client /
PyHoca-GUI appear(s) in English on your screen, you may also feel
entitled to join the X2Go i18n / translation team. Translating
software is a task that non-developers can easily do. I will do my
best in supervising you ASAP, so you can get started with the
translation work right away.
Greets+Regards+Thanks,
Mike
[1] https://lists.berlios.de/mailman/listinfo/x2go-i18n
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…
Package: x2goserver
Severity: wishlist
x-debbugs-cc: Yohan <public(a)scimetis.net>
Hi Yohan,
On Wed 21 Aug 2013 18:19:08 CEST Yohan wrote:
> It seems pyhoca-cli requires an active xserver to start. No ?
Argh.. Sure... I missed that detail. Of course it needs a local
X-Server. This is a pain for your use case.
I file my reply here as a wishlist bug.
The use case is: a feature where X2Go sessions could be launched
without a local X-Server being necessary.
Actually, we could follow two approaches here. A server-side session
trigger that gets called via a simple SSH connection (or via CRON on
boot). The other option would be a pyhoca-cli that fires up the
session from remote, but does not require a local X to be present.
For your use case the first will be more appropriate.
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel(a)das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x…