Am 04.05.20 um 15:34 schrieb Vladislav Kurz:
Hello,
I'm not sure If I should post to @bugs.x2go.org or x2go-dev mailing list.
Since you opened a bug report, use <1465@bugs.x2go.org>, that way, all the right things (TM) will happen automagically.
I have to explain it. The protected thing is openoffice sheet with some complex formulas. The formulas should be protected from viewing by openoffice somehow (that was not my task so I did not really check that in detail). Users fill in input data, get the results, and can print them via CUPS to PDF (or paper). We do not want them to get the sheet and use it elsewhere. They are allowed to make work copies of the sheet within the protected environment, but should not be able to get it out.
And that's your design flaw that you need to fix.
You really need to separate the logic from the data, so the users can't access it.
You could, for example, try using stored procedures in a database, and use Libreoffice or a Web browser as the GUI front end for the database access.
Or you could try using Libreoffice in headless mode, by querying parameters from the users in a script, properly sanitizing them (whitelist the allowed input characters, instead of blacklisting potentially troublesome ones), then passing them on to be inserted in a template of your spreadsheet, and automatically print the result to a PDF. That way, the users won't be in direct contact with your precious formulas, but only with a script you wrote (which would then call libreoffice under a user id that has permission to access the spreadsheet), and with a PDF viewer.
If the users have access to Libreoffice, and to your spreadsheet, they *will* be able to come up with a way to copy your file. And if it is formula by formula using a QR code or OCR.
For example, Libreoffice Basic - the Macro language used by Libreoffice that any user can write macros in - allows raw file I/O. So it would be possible to read your spreadsheet file byte-by-byte (bypassing any Libreoffice-internal protections it may have), encode it in a QR code (current Libreoffice even has its own QR encoder built in), then scan that code on the client, and save the result as a file. And once it is stored on the attacker's machine, they can brute-force their way into whatever protection you tried to apply, until they see your formulas.
There is NO WAY of making it safe if you don't separate formulas and data from each other. X2Go won't help you. Switching to a different remote access solution won't help you. Switching operating systems won't help you. Your problem is not X2Go, but how mighty and versatile Libreoffice is.
You're trying to mitigate a severe security/privacy flaw in your basic design with kludgy workarounds, instead of fixing it properly. This is hopeless and won't end well.
-Stefan
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243