X2Go Bug report logs - #1295
x2goclient/broker mode : don't close on suspended session with --close-disconnect

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Walid MOGHRABI <w.moghrabi@servicemagic.eu>

Date: Wed, 9 May 2018 14:05:02 UTC

Severity: normal

Found in version

Full log

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 9 May 2018 14:01:19 +0000
From w.moghrabi@servicemagic.eu  Wed May  9 16:00:58 2018
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,URIBL_BLOCKED
	autolearn=ham autolearn_force=no version=3.4.1
Received: from localhost (localhost [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 14E625DA81
	for <submit@bugs.x2go.org>; Wed,  9 May 2018 16:00:58 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([])
	by localhost (ymir.das-netzwerkteam.de []) (amavisd-new, port 10024)
	with ESMTP id b3eoWqbMj9BK for <submit@bugs.x2go.org>;
	Wed,  9 May 2018 16:00:49 +0200 (CEST)
Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 23AA45DA8C
	for <submit@bugs.x2go.org>; Wed,  9 May 2018 16:00:49 +0200 (CEST)
Received: from localhost (localhost.localdomain [])
	by zm-01.servicemagic.eu (Postfix) with ESMTP id 2141E8089C113
	for <submit@bugs.x2go.org>; Wed,  9 May 2018 16:00:44 +0200 (CEST)
X-Amavis-Modified: Mail body modified (using disclaimer) -
X-Virus-Scanned: amavisd-new at servicemagic.eu
Received: from zm-01.servicemagic.eu ([])
	by localhost (zm-01.servicemagic.eu []) (amavisd-new, port 10024)
	with ESMTP id hd7-0VbEzMQv for <submit@bugs.x2go.org>;
	Wed,  9 May 2018 16:00:43 +0200 (CEST)
Received: from zm-01.servicemagic.eu (localhost.localdomain [])
	by zm-01.servicemagic.eu (Postfix) with ESMTP id CBF51806C390E
	for <submit@bugs.x2go.org>; Wed,  9 May 2018 16:00:43 +0200 (CEST)
Date: Wed, 9 May 2018 16:00:43 +0200 (CEST)
From: Walid MOGHRABI <w.moghrabi@servicemagic.eu>
To: submit@bugs.x2go.org
Message-ID: <386210362.29017491.1525874443782.JavaMail.root@servicemagic.eu>
In-Reply-To: <1577747420.29014986.1525874065272.JavaMail.root@servicemagic.eu>
Subject: x2goclient/broker mode : don't close on suspended session with
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: []
X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC66 (Linux)/7.2.0_GA_2669)
package: x2goclient
priority: bug

In broker/tce mode, when I connect a new session on TCE-CLIENT-1, if I live migrate the running session on TCE-CLIENT-2, the session is detached from client 1 to client 2 correctly (suspended on client 1 and correctly resumed on client 2) but x2goclient doesn't close itself on client 1 once session is detached.
The client stays opened on the sessions profiles list with the currently logged in user instead of closing itself and getting back to the broker login prompt.

This is a major security issue since anyone can then just click on a session profile to connect with the current user credentials. 

Walid Moghrabi

DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Apr 17 14:52:13 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.