control: tag -1 moreinfo control: tag -1 not-a-bug control: tag -1 wontfix
On Mi 07 Aug 2013 07:36:18 CEST David Fuhrmann wrote:
I just noticed that x2goserver allows to connect to ALL running X
sessions on the target machine, using "connect to local desktop".
These might be logged in local users, or NX sessions which were not
terminated correctly. This is especially worse in the latter case,
as the screen is not locked here, normally.This is a HUGE security leak, as now all users are able to access
data of the other users, and hinder them from working by
manipulating current sessions.Normal remote desktop software should BLOCK such access by default,
and only allow it when the user explicitly requested it or
configured it so.
I just tested this to be really sure that this is a not-a-bug report...
What you describe only works for the same login!!!! So if my user
(sunweaver) logs in locally to an X-Session and ,,sunweaver'' then
connects via X2Go to connect to a local X session then I can access my
__own__ local X sessions.
However, I cannot access other users' sessions unless they grant
access via the X2Go Desktop Sharing utility.
Please re-test and re-confirm or post a message that states that the
mistake was on your part.
Thanks+Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...