[X2Go-Dev] Bug#354: Make x2goagent listening to TCP connections configurable in x2goserver.conf

Stefan Baur newsgroups.mail2 at stefanbaur.de
Fri Dec 6 19:08:05 CET 2013


On 06.12.2013 18:44, Nick Ingegneri wrote:

> Whatever solution we choose has to work within the existing environment
> and support the existing workflow. Our current workflow uses a mixture
> of xhost and xauth to allow xclients to connect to xservers. While "ssh
> -Y" may technically be an elegant solution, requiring it would break our
> existing tools, processes, and scripts.

Well, guys, it's 2013, almost 2014, and we live in the Post-NSA-Scandal 
world. The times of using "xhost +" and not having to worry about it are 
long over. Do yourself a favor and change your scripts.


> I acknowledge that there is a security issue with TCP connections in
> X11, but that is an architectural issue with X11 itself and not with
> X2Go per se. If the developers of X2Go were to make TCP connections
> impossible then effectively the defined security model of X11 (as
> documented in places like the XSecurity and Xauth man pages) would be
> broken. TCP is part of how X11 works.

As a side-note, I hope you're aware that those newfangled GUI thingies 
like Wayland and Mir are ditching TCP in their core design?  Just sayin' 
(I don't like them, either) - not that that comes to bite you in the 
lower back in a few years when you don't expect it.


> Once it became apparent in our testing that exporting displays didn't
> work as expected, the system administrator who installed it went through
> the configuration files and documentation looking for a solution. He
> couldn't find one, so he escalated it to me to look into. If we hadn't
> been able to find a fix it would have ruled out X2Go from further
> consideration, which would have been unfortunate as it is currently our
> leading choice for this particular need.

In my opinion, Mike is a bit too customer-friendly here by turning your 
request into a wishlist item that lets every newbie shoot him-/herself 
in the foot, security-wise, by toggling a setting in the configuration.
Sorry, but I've seen way too many people go "chmod 777 -R /*" as soon as 
something doesn't work as expected, and I'm fearing the same for an 
easily reachable option to allow TCP connections - because "xhost +" is 
the X/TCP equivalent of "chmod 777 -R /*" in the filesystem.

Of course, everybody is free to shoot him-/herself in the foot, that's 
why it's Linux - but merely leaving a "this is dangerous" note next to 
the parameter is like sticking a tag "please don't use this unless you 
know what you're doing" on a loaded 12-gauge in a room full of toddlers.


> Hopefully the above helps persuade you that there is a need for some
> users to be able to continue to support the existing X11 security model
> (including TCP).

Sorry, but you don't have me convinced that this is something anyone 
should use for a prolonged period of time.


> If you accept that point, then it seems there should be a more elegant
> way of enabling TCP than editing the x2gostartagent file. As someone
> brand new to looking at the project, files like x2goagent.options or
> x2goserver.conf are the obvious places I would expect to find an option
> to make this change.

My understanding of the issue is: It's possible to allow TCP 
connections, and the fact that it's not easily reachable - but can be 
reached - is a Good Thing(TM).
We should leave it that way.
You can manually allow TCP connections in your environment to ease 
transition to X2Go - but by all means, go ahead and fix your scripts so 
they use ssh -X/-Y, and do that soon. And reconfigure X2Go to "nolisten 
TCP" the second you're done fixing your scripts.

-Stefan
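The two conditions Stefan's advice turns on, whether the X server is reachable over TCP at all and whether "xhost +" has disabled host access control on top of that, can be checked from a shell. The script below is an added example for this archive page; it is not code from the original post or from the X2Go project. The function names are mine, and the ps, xhost and ss output it examines is constructed sample text, so it runs offline; on a live host you would feed it `ps -o args= -C Xorg`, `xhost | head -n 1` and `ss -ltn` instead.

```shell
#!/bin/sh
# Added example (not from the x2go project or the original post): audit how
# exposed an X server is to TCP clients. Three signals, each fed sample text
# constructed for this example instead of live ps/xhost/ss output:
#   1. the server command line: is "-nolisten tcp" present?
#   2. xhost(1): has host-based access control been disabled ("xhost +")?
#   3. ss -ltn: is anything listening on a display port (6000-6063)?
# Signal 3 is authoritative. Recent Xorg releases do not listen on TCP unless
# started with "-listen tcp", so a command line without "-nolisten tcp" only
# says the server *may* be reachable.

# 0 if the command line does not rule out TCP listening ("-listen tcp" given,
# or neither option given); 1 if "-nolisten tcp" is given.
x_cmdline_may_listen_tcp() {
    case " $1 " in
        *" -listen tcp "*)   return 0 ;;
        *" -nolisten tcp "*) return 1 ;;
        *)                   return 0 ;;
    esac
}

# 0 if the first line of xhost(1) output says access control is disabled,
# i.e. any host that can reach the TCP port may connect without a cookie.
xhost_wide_open() {
    case "$1" in
        "access control disabled"*) return 0 ;;
        *)                          return 1 ;;
    esac
}

# 0 if "ss -ltn" output on stdin shows a listener on TCP 6000-6063
# (display :0 through :63). Column 4 is "Local Address:Port"; the port is the
# text after the last colon, which also works for "[::]:6000" and "*:6000".
x_tcp_socket_listening() {
    awk 'NR > 1 {
             n = split($4, a, ":"); port = a[n] + 0
             if (port >= 6000 && port <= 6063) found = 1
         }
         END { if (found) exit 0; exit 1 }'
}

# Verdict for one host. $1: first line of xhost output; stdin: ss -ltn output.
#   exposed  - X TCP listener open and xhost access control disabled
#   tcp-only - X TCP listener open, but clients still need an xauth cookie
#   closed   - no X TCP listener (the state "-nolisten tcp" gives you)
x_exposure_verdict() {
    if x_tcp_socket_listening; then
        if xhost_wide_open "$1"; then echo exposed; else echo tcp-only; fi
    else
        echo closed
    fi
}

# Constructed samples (not captured from a real system).
XORG_CMDLINE='/usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7'
AGENT_CMDLINE='nxagent -D -R :50 -auth /tmp/.xauth-example'
XHOST_OPEN='access control disabled, clients can connect from any host'
XHOST_LOCKED='access control enabled, only authorized clients can connect'
SS_WITH_X='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:6050        0.0.0.0:*
LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*'
SS_WITHOUT_X='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*'

# Stand-alone demo over the samples; on a live host replace them with
#   ps -o args= -C Xorg ; xhost | head -n 1 ; ss -ltn
if x_cmdline_may_listen_tcp "$XORG_CMDLINE"; then echo "Xorg: may listen"; else echo "Xorg: -nolisten tcp"; fi
if x_cmdline_may_listen_tcp "$AGENT_CMDLINE"; then echo "agent: may listen"; else echo "agent: -nolisten tcp"; fi
echo "verdict (open socket, xhost +): $(printf '%s\n' "$SS_WITH_X" | x_exposure_verdict "$XHOST_OPEN")"
echo "verdict (open socket, xauth):   $(printf '%s\n' "$SS_WITH_X" | x_exposure_verdict "$XHOST_LOCKED")"
echo "verdict (no socket):            $(printf '%s\n' "$SS_WITHOUT_X" | x_exposure_verdict "$XHOST_OPEN")"
```

The "exposed" verdict is the combination the thread is about: a display port reachable from the network with host access control switched off, which is what "xhost +" does. "tcp-only" still relies on the xauth cookie being kept secret and on the traffic being unencrypted on the wire, which is why the post recommends finishing the move to ssh -X/-Y and then returning the agent to "-nolisten tcp" until the verdict is "closed".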


