X2Go Bug report logs - #258
SECURITY: x2goclient allows clipboard sniffing

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Mon, 1 Jul 2013 02:48:02 UTC

Severity: grave

Tags: pending, security

Fixed in version 4.0.2.1

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #70 received at 258@bugs.x2go.org (full text, mbox, reply):

Received: (at 258) by bugs.x2go.org; 28 Jan 2014 18:11:34 +0000
From krzysztof.ilowiecki@sourcecap.ch  Tue Jan 28 19:11:33 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.2
X-Greylist: delayed 371 seconds by postgrey-1.34 at ymir; Tue, 28 Jan 2014 19:11:33 CET
Received: from mail.sourcecap.ch (mail.sourcecap.ch [91.201.56.210])
	by ymir (Postfix) with ESMTP id A44035DB13
	for <258@bugs.x2go.org>; Tue, 28 Jan 2014 19:11:33 +0100 (CET)
Received: from [172.168.246.3] (kril.rem.sc.int [172.168.246.3])
	by mail.sourcecap.ch (Postfix) with ESMTPSA id A033E320AB;
	Tue, 28 Jan 2014 19:05:21 +0100 (CET)
Message-ID: <52E7F17D.2010001@sourcecap.ch>
Date: Tue, 28 Jan 2014 19:05:49 +0100
From: Krzysztof Ilowiecki <krzysztof.ilowiecki@sourcecap.ch>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130215 Thunderbird/17.0.3
MIME-Version: 1.0
To: x2go-user@lists.berlios.de
CC: 258@bugs.x2go.org
Subject: Re: [X2Go-User] Limiting clipboard sharing
References: <52E69B93.8010904@sourcecap.ch> <20140128154910.Horde.bz7_7CdkDRplg9xdW4kZbg2@mail.das-netzwerkteam.de> <52E7D6B8.6070208@sourcecap.ch>
In-Reply-To: <52E7D6B8.6070208@sourcecap.ch>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.96 at pmx4
X-Virus-Status: Clean
On 01/28/2014 05:11 PM, Kris Ilowiecki wrote:
> I have been looking through the sources, and my most recent idea was
> experimenting with editing /usr/bin/nxagent to run nxagent.bin
> with something like "-clipboard no"
>
> I will try the exact approach you are suggesting, though
> my bash+awk aren't that good

just a short update, the crude approach I had tried
(hacking /usr/bin/nxagent) seems to be working.
I just had made the mistake of typing "-clipboard no" instead of
"-clipboard none" or "-clipboard client".

I will have a closer look at editing the x2gostartagent to read 
x2goserver.conf, but I don't know if I'll succeed at this point.

Many thanks,
Kris


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 00:45:35 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.