From mike.gabriel@das-netzwerkteam.de Sat Aug 17 17:28:17 2013 Received: (at 287) by bugs.x2go.org; 17 Aug 2013 15:28:18 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id D32E75DA6C for <287@bugs.x2go.org>; Sat, 17 Aug 2013 17:28:17 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 32A5DC93 for <287@bugs.x2go.org>; Sat, 17 Aug 2013 17:28:17 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 29F183BF2C for <287@bugs.x2go.org>; Sat, 17 Aug 2013 17:28:17 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tRO693BoJT4w for <287@bugs.x2go.org>; Sat, 17 Aug 2013 17:28:17 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 0BC783BF3C for <287@bugs.x2go.org>; Sat, 17 Aug 2013 17:28:17 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id E00D43BB75 for <287@bugs.x2go.org>; Sat, 17 Aug 2013 17:28:16 +0200 (CEST) Received: by grimnir.das-netzwerkteam.de (Postfix, from userid 33) id 85C653BF2C; Sat, 17 Aug 2013 17:28:16 +0200 (CEST) Received: from 83-68-217-98.cable.dc13.debconf.org (83-68-217-98.cable.dc13.debconf.org [83.68.217.98]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Sat, 17 Aug 2013 17:28:16 +0200 Message-ID: <20130817172816.13812lxtcg86qc9c@mail.das-netzwerkteam.de> X-Priority: 3 (Normal) Date: Sat, 17 Aug 2013 17:28:16 +0200 From: Mike Gabriel To: David Fuhrmann Cc: 287@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default References: <20130807114338.13215dfoanwep8sq@mail.das-netzwerkteam.de> <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de> <7590CCCD-172A-4E9A-BF38-49ADA374C4C1@web.de> <20130807212225.14293ngtwzvr07sh@mail.das-netzwerkteam.de> <16BAD52E-0196-43DC-A0D5-57BB7B844530@web.de> <32EA1C31-9067-4862-B5A7-24F6909253B3@web.de> In-Reply-To: <32EA1C31-9067-4862-B5A7-24F6909253B3@web.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=_2b9d1qumr9g0"; protocol="application/pgp-signature"; micalg="pgp-sha1" Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.4) This message is in MIME format and has been PGP signed. --=_2b9d1qumr9g0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit Hi David, On Sa 17 Aug 2013 09:03:21 CEST David Fuhrmann wrote: > Any news regarding this bug? I have set up a test VM for this issue today and I can absolute confirm what you report. I will investigate on that further today/tomorrow, and I am quite sure of being able to exploit this without X2Go as well. My guess is a mis-configuration in Linux mint around the local X-Server. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_2b9d1qumr9g0 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Unterschrift Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJSD5aQAAoJEJr0azAldxsxjMgP/jWNu4b6gWYlcH9pJyV8gdmc 63t8HLKjf1kuaLFmf1yKAFuDM5bS55+U75M097wSQeYt+z18HhthuBE7hm4wuaUL ACWyaj6vzESzTEkTtO6NyN/TQ7qVqdUUNoCi+YI2Es9qMoxipl09pWHU34T1J0oo AnWfS3bb77qKql/Tu0KtleD2VxmSuUTT1Ce9auhJEpKCIk0q5/t8h8QeZht2no4D wBLwHeNVZ4xx4LVPcqZBIUBFsqJhAnl0FUi6k60M7oS07XAiM/gZO1XwaM9a1R54 +nI8tzkC+TN6Q994gJYUN5jaEr97b1uj8V7ARE4BpZRlt/bSyT95/JNEVBu8bzeO AoO09Lrc2irEkw2Lwt6gNaCBNYZitjQDRXiPmmHZHD4JQDBryutmu+QR7OUDV0wx GQa9E/eCTxgOKDvFZKXH+sNrD+ENZCN/qR+V0GU7VAZSPuKPBjDgArtMtH2T8My3 0Lx7WAZh0I1o0rbwvp8Fqz0CniiejD/+QKWURAkiiHHzyK+UYSKODGGDWF1kwcQe PHNDwGboxYrX4AzjB2iMyXOYxvBWe8QptdtQl7jMIxj5iGZFUdLeE1gTjf2kThXx Nlx+XitQK3Dok+ZwP2ogZbcSB4QWWVjEi9r3XjTMip/0sXjYVmfKLQ9AUTM9qJHh 42uXmr59p/8ZqRe2YhQu =GSHw -----END PGP SIGNATURE----- --=_2b9d1qumr9g0--