Package: x2gobroker
Severity: wishlist
Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server.
As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server.
BAUR-ITCS UG (haftungsbeschränkt)
Managing Director: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Register court Ulm, HRB 724364
Phone/Fax 0731 40 34 66-36/-35 | VAT ID no.: DE268653243
Hi Stefan,
On Fr 07 Nov 2014 00:50:55 CET, Stefan Baur wrote:
> Package: x2gobroker
> Severity: wishlist
>
> Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server.
>
> As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server.
>
> -Stefan
Do you think you could write down such an additional note for the man
page and send it back to this bug (in plain text)?
I will work that text into the man page then.
Thanks, Mike
PS: if you will, tag this bug with "patch" once you have sent that
text passage...
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
Control: tag -1 patch
Control: clone -1 -2
Control: retitle -2 point out that X2GoServer's Published Application Mode is not a security feature
Control: tag -2 patch
Control: severity -2 wishlist
Control: package -2 x2goserver
> Do you think you could write down such an additional note for the man page and send it back to this bug (in plain text)?
>
> I will work that text into the man page then.
>
> PS: if you will, tag this bug with "patch" once you have sent that text passage...
@Mike#1, I tried to clone and retitle this bug for X2GoServer's Published Application Mode. Please verify that this worked.
This is the notice for X2GoBroker. For X2GoServer's PAM, see below.
SECURITY NOTICE
Users are advised to not misinterpret X2GoBroker's capabilities as a security feature. Even when using X2GoBroker, it is still possible for users to locally configure an X2GoClient with any setting they want, and use that to connect. So if you're trying to keep users from running a certain application on the host, using X2GoBroker to "lock" the configuration is the *wrong* way. The users will still be able to run that application by creating their own, local configuration file and using that. To keep users from running an application on the server, you have to use *filesystem permissions*. In the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and making sure the users in question are not the owner and also not a member of the group specified for the application.
Notice for X2GoServer's PAM (Published Application Mode) is here:
SECURITY NOTICE
Users are advised to not misinterpret X2GoServer's Published Application Mode as a security feature. Even when using Published Application Mode, it is still possible for users to locally configure an X2GoClient with any setting they want, and use that to connect. So if you're trying to keep users from running a certain application on the host, using Published Application Mode to "lock" the configuration is the *wrong* way. The users will still be able to run that application by creating their own, local configuration file and using that. To keep users from running an application on the server, you have to use *filesystem permissions*. In the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and making sure the users in question are not the owner and also not a member of the group specified for the application.
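As an added example (not from the bug report or from the X2Go project): a POSIX shell check that applies the rule both notices state, deciding from mode, owner and group alone whether a given user could execute an application on the server, plus the chmod 550 lock-down the notices recommend. The function names and the constructed values (user "alice", group "x2go") are assumptions; the host wrapper relies on GNU or BusyBox `stat -c` and `id -Gn`.

```shell
#!/bin/sh
# Added example, not part of the bug report or of X2Go itself: check, from
# filesystem permissions alone, whether a user could run an application on
# the server. Function names are assumptions; exec_allowed_on_host needs
# GNU/BusyBox 'stat -c' and 'id -Gn'.

# exec_allowed MODE OWNER GROUP USER GROUPS
#   MODE   octal mode as printed by 'stat -c %a' (750, 550, 4755, ...)
#   GROUPS space-separated list of the groups USER belongs to
# Returns 0 when USER may execute the file, 1 otherwise. The root override
# is deliberately ignored: the notices are about ordinary users.
exec_allowed() {
    mode=$1 owner=$2 group=$3 user=$4 groups=$5
    m=${mode#"${mode%???}"}        # last three digits (drop setuid/setgid/sticky)
    # Unix applies exactly one class: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        d=${m%??}                  # owner digit
    else
        case " $groups " in
            *" $group "*) d=${m#?}; d=${d%?} ;;   # group digit
            *)            d=${m#??} ;;            # other digit
        esac
    fi
    case $d in 1|3|5|7) return 0 ;; *) return 1 ;; esac   # odd digit = x bit set
}

# exec_allowed_on_host FILE USER: read mode/owner/group of FILE and the
# group list of USER from the live system, then apply the rule above.
exec_allowed_on_host() {
    [ -e "$1" ] || return 2
    set -- "$1" "$2" $(stat -c '%a %U %G' "$1")
    exec_allowed "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# lock_down_app FILE GROUP: what the notices recommend instead of a broker
# or Published Application "lock": only the owner and members of GROUP
# keep execute permission on FILE.
lock_down_app() {
    chgrp "$2" "$1" && chmod 550 "$1"
}

# Demo with constructed values: alice is neither owner nor in group x2go,
# so a 550 binary owned by root:x2go is out of her reach.
if exec_allowed 550 root x2go alice "alice users"; then
    echo "alice may run it"
else
    echo "alice is blocked by filesystem permissions"
fi
```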
Processing control commands:
tag -1 patch
Bug #666 [x2gobroker] point out that x2gobroker is not a security feature
Added tag(s) patch.
clone -1 -2
Bug #666 [x2gobroker] point out that x2gobroker is not a security feature
Bug 666 cloned as bug 728
retitle -2 point out that X2GoServer's Published Application
Bug #728 [x2gobroker] point out that x2gobroker is not a security feature
Changed Bug title to 'point out that X2GoServer's Published Application' from 'point out that x2gobroker is not a security feature'
--
666: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=666
728: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=728
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems