From w.moghrabi@servicemagic.eu Wed May 9 16:00:58 2018 Received: (at submit) by bugs.x2go.org; 9 May 2018 14:01:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 14E625DA81 for ; Wed, 9 May 2018 16:00:58 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b3eoWqbMj9BK for ; Wed, 9 May 2018 16:00:49 +0200 (CEST) Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [176.31.236.17]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 23AA45DA8C for ; Wed, 9 May 2018 16:00:49 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id 2141E8089C113 for ; Wed, 9 May 2018 16:00:44 +0200 (CEST) X-Amavis-Modified: Mail body modified (using disclaimer) - zm-01.servicemagic.eu X-Virus-Scanned: amavisd-new at servicemagic.eu Received: from zm-01.servicemagic.eu ([127.0.0.1]) by localhost (zm-01.servicemagic.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hd7-0VbEzMQv for ; Wed, 9 May 2018 16:00:43 +0200 (CEST) Received: from zm-01.servicemagic.eu (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id CBF51806C390E for ; Wed, 9 May 2018 16:00:43 +0200 (CEST) Date: Wed, 9 May 2018 16:00:43 +0200 (CEST) From: Walid MOGHRABI To: submit@bugs.x2go.org Message-ID: <386210362.29017491.1525874443782.JavaMail.root@servicemagic.eu> In-Reply-To: <1577747420.29014986.1525874065272.JavaMail.root@servicemagic.eu> Subject: x2goclient/broker mode : don't close on suspended session with --close-disconnect MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [195.200.167.70] X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC66 (Linux)/7.2.0_GA_2669) package: x2goclient version: 4.1.2.0-0~1750~ubuntu16.04.1 priority: bug In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if I live migrate the running session on TCE-CLIENT-2, the session is detached from client 1 to client 2 correctly (suspended on client 1 and correctly resumed on client 2) but x2goclient doesn't close itself on client 1 once session is detached. The client stays opened on the sessions profiles list with the currently logged in user instead of closing itself and getting back to the broker login prompt. This is a major security issue since anyone can then just click on a session profile to connect with the current user credentials. Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you From mike.gabriel@das-netzwerkteam.de Tue May 15 14:01:15 2018 Received: (at 1295) by bugs.x2go.org; 15 May 2018 12:01:18 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=BAYES_00,RDNS_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 96B995DAE9 for <1295@bugs.x2go.org>; Tue, 15 May 2018 14:01:15 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TCb9OYTJwL0X for <1295@bugs.x2go.org>; Tue, 15 May 2018 14:01:09 +0200 (CEST) Received: from fregna.das-netzwerkteam.de (unknown [IPv6:2a01:4f8:202:1381::1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7FF665DACE for <1295@bugs.x2go.org>; Tue, 15 May 2018 14:01:09 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [148.251.201.105]) by fregna.das-netzwerkteam.de (Postfix) with ESMTPS id 6441560532; Tue, 15 May 2018 12:01:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 55420C47EC; Tue, 15 May 2018 14:01:09 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IrxnJSCypNRW; Tue, 15 May 2018 14:01:03 +0200 (CEST) Received: from das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id D0AE6C47EA; Tue, 15 May 2018 14:01:03 +0200 (CEST) Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTPS; Tue, 15 May 2018 12:01:03 +0000 Date: Tue, 15 May 2018 12:01:03 +0000 Message-ID: <20180515120103.Horde.J-atjJEMwEJEk_ujSVdemdf@mail.das-netzwerkteam.de> From: Mike Gabriel To: Walid MOGHRABI , 1295@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#1295: x2goclient/broker mode : don't close on suspended session with --close-disconnect References: <1577747420.29014986.1525874065272.JavaMail.root@servicemagic.eu> <386210362.29017491.1525874443782.JavaMail.root@servicemagic.eu> In-Reply-To: <386210362.29017491.1525874443782.JavaMail.root@servicemagic.eu> User-Agent: Horde Application Framework 5 Accept-Language: de,en Organization: DAS-NETZWERKTEAM X-Originating-IP: 178.62.101.154 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Content-Type: multipart/signed; boundary="=_kFyUyOxNCD5hccLdzezhhcP"; protocol="application/pgp-signature"; micalg=pgp-sha256 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_kFyUyOxNCD5hccLdzezhhcP Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Walid, On Mi 09 Mai 2018 16:00:43 CEST, Walid MOGHRABI wrote: > package: x2goclient > version: 4.1.2.0-0~1750~ubuntu16.04.1 > priority: bug > > In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if=20= =20 >=20I live migrate the running session on TCE-CLIENT-2, the session is=20= =20 >=20detached from client 1 to client 2 correctly (suspended on client 1=20= =20 >=20and correctly resumed on client 2) but x2goclient doesn't close=20=20 >=20itself on client 1 once session is detached. This per se is a bug, as --close-disconnect fails. > The client stays opened on the sessions profiles list with the=20=20 >=20currently logged in user instead of closing itself and getting back=20= =20 >=20to the broker login prompt. I think --close-disconnect is not what you want. You want --broker-autologo= ff. > This is a major security issue since anyone can then just click on a=20= =20 >=20session profile to connect with the current user credentials. Understood. However, please check if you can achieve the correct=20=20 behaviour=20with --broker-autologoff. It saves you the X2Go Client=20=20 restarts=20on session logout. Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de --=_kFyUyOxNCD5hccLdzezhhcP Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAABCAAdFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlr6y/8ACgkQmvRrMCV3 GzHhwg/+LBGGUPcM4ex4Mj9qsVvZM4GEF2878tsii/HAvUyLpPZsYGpQ3EZnIsMn lP5RNyTM7IpZuP/olGUMMmkqsA8H2NXLOlEQv3NIBAhARDx/++Xny1nJbUn5Ucva XygdqGAtyEyuecNXFkmj+LmWXz3L+AstKcDISZcfaoAfFO2twwOoDWFfGn0vvVly rrUoHzo+0VT8G8n89kwhBRercrzEljDhsVsWl2Wq/tx1zjUtN+9LRk/2LUpHu3MZ Szguz0xZdV/0qmnX71+E22VsfRytVF23GSh8ugHnq72IpjOQHg4KB5kMSbwBU3/T NbYOjvMq0t65Ue1gmbWfqOOgjvGMYCZuFeegeNbEggV2qdWmt15U6SqDX4acGXEo 7yJsLUNLVZg9KLgc0kcZ+doYuQ22NI5ZHvNLQ7+WLDHFDBDsj/7Ssh6zZdurjO6+ M6pJZLwhoU15fvWWtQ6RVm33T/7PzRXALroi8G4nkKfuhrtfKMKQNs6tjnTWdkby beob8rs/rbHnPTFFQG/Pcq0Ry8my2AYVAQBrZrh3Wy7Q7ZYZz3nySj0oAAaygyUK G7C3wQcD28UluSLBsV0ubLU09LibAbi0TUv1KBB2P2oDz2PXO7iHyOE7rm13ectF Nx50m9rsqFlJPEZCADAA3fdoUGpOeSEgkuMfV39iiVwIZxA6L5E= =zfCA -----END PGP SIGNATURE----- --=_kFyUyOxNCD5hccLdzezhhcP--