X2Go Bug report logs -
#1295
x2goclient/broker mode : don't close on suspended session with --close-disconnect
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1295
; Package x2goclient
.
(Wed, 09 May 2018 14:05:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Walid MOGHRABI <w.moghrabi@servicemagic.eu>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
Your message specified a Severity: in the pseudo-header, but
the severity value bug was not recognised.
The default severity normal is being used instead.
The recognised values are: critical, grave, important, normal, minor, wishlist.
(Wed, 09 May 2018 14:05:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
package: x2goclient
version: 4.1.2.0-0~1750~ubuntu16.04.1
priority: bug
In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if I live migrate the running session on TCE-CLIENT-2, the session is detached from client 1 to client 2 correctly (suspended on client 1 and correctly resumed on client 2) but x2goclient doesn't close itself on client 1 once session is detached.
The client stays opened on the sessions profiles list with the currently logged in user instead of closing itself and getting back to the broker login prompt.
This is a major security issue since anyone can then just click on a session profile to connect with the current user credentials.
Regards,
Walid Moghrabi
TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1295
; Package x2goclient
.
(Tue, 15 May 2018 12:05:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 15 May 2018 12:05:02 GMT) (full text, mbox, link).
Message #10 received at 1295@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Walid,
On Mi 09 Mai 2018 16:00:43 CEST, Walid MOGHRABI wrote:
> package: x2goclient
> version: 4.1.2.0-0~1750~ubuntu16.04.1
> priority: bug
>
> In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if
> I live migrate the running session on TCE-CLIENT-2, the session is
> detached from client 1 to client 2 correctly (suspended on client 1
> and correctly resumed on client 2) but x2goclient doesn't close
> itself on client 1 once session is detached.
This per se is a bug, as --close-disconnect fails.
> The client stays opened on the sessions profiles list with the
> currently logged in user instead of closing itself and getting back
> to the broker login prompt.
I think --close-disconnect is not what you want. You want --broker-autologoff.
> This is a major security issue since anyone can then just click on a
> session profile to connect with the current user credentials.
Understood. However, please check if you can achieve the correct
behaviour with --broker-autologoff. It saves you the X2Go Client
restarts on session logout.
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
[Message part 2 (application/pgp-signature, inline)]
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Sat Nov 23 09:45:24 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.