[X2go-User] x2goagent listening on public interface - how to make it listen on 127.0.0.1 only?
BUGHUNTER
bughunter at riseup.net
Sat Feb 18 17:08:35 CET 2012
Hello Mike,
> I had a discussion with another of the developers (Alex) and we do
> not know either, if there is a NX-builtin solution for just
> listening on the localhost IP socket.
could this be considered as an important missing feature? I did not
find any way to put a feature request into a bugtracker, maybe you
would like to do this or forward this to anybody who is more familiar
with the development infrastructure? I am just an accidental by-alker
and would like to proceed with other things... THANKS!
> Our current recommendation is to use iptables, which you have to use
> anyway, if your system runs in the public space somewhere.
Well, of course it is always possible to find a workaround - fixing
the source of the problem is a better approach.
x2go really looks like good quality software - but it is fair to say
that listening on all interfaces by default is not exactly known as
"good behaviour".
I have no time invstigating deeper into this, but of course this
smells like "easy remote exploit" - I really would see this fixed ASAP
- and until it is not fixed it would be fair to put a big, red warning
on the website and instruct users about how to configure their
firewall until this problem is fixed - I bet there are many people not
even knowing about this issue.
Please do not wait until somebody else checks if this is a good way to
exploit an x2go server - hopefully it is NOT!
Thanks,
Bughunter
More information about the x2go-user
mailing list