[X2Go-Dev] Bug#287: Bug#287: x2goserver allows to connect to ALL X server sessions by default
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Wed Aug 7 16:02:58 CEST 2013
control: tag -1 - wontfix
control: tag -1 - not-a-bug
Hi David,
On Mi 07 Aug 2013 13:54:14 CEST David Fuhrmann wrote:
> thanks
>
> ... for the answer. We just retested it today in our environment, and the
> issue is still as described. Especially we did:
>
> 1) user_A starts a xfce x2go session on hostA, without starting
> x2godesktopsharing.
> 2) user_B logs in at hostA, using "connect to local desktop. It sees a X
> session under its own user name, and a port. user_B can click on "full
> access" and gets access to the session.
>
> Second test:
> - user_A starts x2godesktopsharing, but leave the default setting (do not
> allow access, with cross).
> - user_B sees same behaviour as described above
>
> Third test:
> - user_A starts x2godesktopsharing, but and enables access (green icon in
> menu bar)
> - user_B now sees two sessions in the session list: one with his own user
> name, one with user_As user name. Both have the same port. If user_B
> selects the one which has user_A as its name, he can only connect to view,
> and eventually, this connection gets refused. (In the mean time, user_A
> sees a question dialog asking user_B for access in the session.)
> But still, user_B sees a session with his own name, and can connect to it
> and gets full access to the xfce session started by user_A.
>
> So in summary: The x2godesktopsharing has no effect at all when it should
> block all accesses, and only works partly when it should allow individual
> access.
>
> In our environment, every machine has the same logins provided by an LDAP
> server. I will retest at home to see how it behaves with normal local users.
Ok, thanks for re-testing. I undo the taggings earlier made on this
issue. This is indeed a big issue that needs immediate fixing!!!
Next question: what distro are you on. I tested on Debian and it
worked flawlessly. Do you have any chance to test on Debian or Ubuntu
(if you are on some RPM based distro)?
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20130807/7e9fe3f3/attachment.pgp>
More information about the x2go-dev
mailing list