[X2go-User] x2goagent listening on public interface - how to make it listen on 127.0.0.1 only?

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Sat Feb 18 17:31:03 CET 2012 

Hi Bughunter,

On Sa 18 Feb 2012 17:08:35 CET BUGHUNTER wrote:

>> I had a discussion with another of the developers (Alex) and we do
>> not know either, if there is a NX-builtin solution for just
>> listening on the localhost IP socket.
>
> could this be considered as an important missing feature? I did not
> find any way to put a feature request into a bugtracker, maybe you
> would like to do this or forward this to anybody who is more familiar
> with the development infrastructure? I am just an accidental by-alker
> and would like to proceed with other things... THANKS!

Yes, will do. Thanks for bringing it up!!!

>> Our current recommendation is to use iptables, which you have to use
>> anyway, if your system runs in the public space somewhere.
>
> Well, of course it is always possible to find a workaround - fixing
> the source of the problem is a better approach.
>
> x2go really looks like good quality software - but it is fair to say
> that listening on all interfaces by default is not exactly known as
> "good behaviour".
>
> I have no time invstigating deeper into this, but of course this
> smells like "easy remote exploit" - I really would see this fixed ASAP
> - and until it is not fixed it would be fair to put a big, red warning
> on the website and instruct users about how to configure their
> firewall until this problem is fixed - I bet there are many people not
> even knowing about this issue.

Done (not a big red sign though...)
http://wiki.x2go.org/wiki:security:start?&#x2goagent

> Please do not wait until somebody else checks if this is a good way to
> exploit an x2go server - hopefully it is NOT!

Fair enough. I am one of the core developers of X2Go and I will urge  
the team towards a solution/patch against NoMachine's nxagent.

> Thanks,
> Bughunter

Greets + big thanks!
Mike




-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20120218/f3074488/attachment.pgp>

More information about the x2go-user mailing list