Hi Bughunter,
On Sa 18 Feb 2012 17:08:35 CET BUGHUNTER wrote:
I had a discussion with another of the developers (Alex) and we do not know either, if there is a NX-builtin solution for just listening on the localhost IP socket.
Could this be considered as an important missing feature? I did not find any way to put a feature request into a bugtracker, maybe you would like to do this or forward this to anybody who is more familiar with the development infrastructure? I am just an accidental by-walker and would like to proceed with other things... THANKS!
Yes, will do. Thanks for bringing it up!!!
Our current recommendation is to use iptables, which you have to use anyway, if your system runs in the public space somewhere.
Well, of course it is always possible to find a workaround - fixing the source of the problem is a better approach.
x2go really looks like good quality software - but it is fair to say that listening on all interfaces by default is not exactly known as "good behaviour".
I have no time investigating deeper into this, but of course this smells like "easy remote exploit" - I really would see this fixed ASAP
- and until it is not fixed it would be fair to put a big, red warning on the website and instruct users about how to configure their firewall until this problem is fixed - I bet there are many people not even knowing about this issue.
Done (not a big red sign though...) http://wiki.x2go.org/wiki:security:start?goagent
Please do not wait until somebody else checks if this is a good way to exploit an x2go server - hopefully it is NOT!
Fair enough. I am one of the core developers of X2Go and I will urge
the team towards a solution/patch against NoMachine's nxagent.
Thanks, Bughunter
Greets + big thanks! Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
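
An added example, not part of the original message and not X2Go or NX code: a Python check that parses the Linux `/proc/net/tcp` table and reports TCP listeners bound to anything other than loopback, which is the condition discussed in this thread. The sample table, its ports and the function names are constructed for illustration, and the address decoding assumes a little-endian (x86-style) host.

```python
import ipaddress

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp{,6}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0A00000A:0016 0200000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20003
"""

def decode_addr(hex_addr):
    """Decode the kernel's hex address: 32-bit words printed in host
    byte order, so each 4-byte group is reversed (assumes little-endian)."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def listeners(proc_text):
    """Yield (ip, port) for every socket in LISTEN state."""
    for line in proc_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        yield decode_addr(hex_ip), int(hex_port, 16)

def exposed(proc_text):
    """Return listeners that other hosts can reach, i.e. sockets bound to
    the wildcard address or to a specific non-loopback address."""
    return sorted((str(ip), port) for ip, port in listeners(proc_text)
                  if not ip.is_loopback)

if __name__ == "__main__":
    # On a live Linux host, audit both the IPv4 and IPv6 tables.
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                for ip, port in exposed(fh.read()):
                    print(f"{path}: listener on {ip} port {port} is not loopback-only")
        except FileNotFoundError:
            print(f"{path}: not available on this system")
```

Any listener it reports that belongs to a session agent should either be rebound to loopback or covered by a firewall rule, as the thread recommends.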