control: tag -1 moreinfo
control: tag -1 not-a-bug
control: tag -1 wontfix

On Mi 07 Aug 2013 07:36:18 CEST David Fuhrmann wrote:

> I just noticed that x2goserver allows to connect to ALL running X
> sessions on the target machine, using "connect to local desktop".
> These might be logged in local users, or NX sessions which were not
> terminated correctly. This is especially worse in the latter case,
> as the screen is not locked here, normally.
>
> This is a HUGE security leak, as now all users are able to access
> data of the other users, and hinder them from working by
> manipulating current sessions.
>
> Normal remote desktop software should BLOCK such access by default,
> and only allow it when the user explicitly requested it or
> configured it so.

I just tested this to be really sure that this is a not-a-bug report...

What you describe only works for the same login!!!!

So if my user (sunweaver) logs in locally to an X-Session and "sunweaver" then connects via X2Go to connect to a local X session then I can access my __own__ local X sessions.

However, I cannot access other users' sessions unless they grant access via the X2Go Desktop Sharing utility.

Please re-test and re-confirm or post a message that states that the mistake was on your part.

Thanks+Greets,
Mike

--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb