X2Go Bug report logs - #287
Linux Mint desktops configured too insecurely for multi-user mode

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: David Fuhrmann <fuhrmann_mail@web.de>

Date: Wed, 7 Aug 2013 05:48:02 UTC

Severity: critical

Tags: confirmed, moreinfo, wontfix

Found in version 4.0.1.6

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Subject: Bug#287: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 287@bugs.x2go.org
Date: Wed, 07 Aug 2013 21:22:25 +0200
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: David Fuhrmann <fuhrmann_mail@web.de>
Cc: 287@bugs.x2go.org
Hi David,

On Mi 07 Aug 2013 20:10:44 CEST David Fuhrmann wrote:

> To rule out some specific configuration issue in our current system,  
> I installed a fresh Linux Mint inside a virtual machine and was able  
> to confirm the issues.
>
> You should be able to reproduce it easily by doing the same. Choose  
> Linux Mint Debian Edition, 64 Bit, Mate package and install  
> x2goserver following your instructions for Debian 7.

What is the primary GID of users on Linux Mint? Do they follow the pattern

  foo:foo
  bar:bar
  sunweaver:sunweaver

or is there a group that all users get crushed in with their primary  
GIDs, like

  foo:users
  bar:users
  sunweaver:users

???

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
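
Added example, not part of the original message or of the X2Go code: one way to answer the question above on a given machine is to classify each regular account's primary group from passwd- and group-format data. The function names, the UID range 1000 to 65533 and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify each regular account's primary group as "private" (foo:foo, used by
# that account only) or "shared" (several accounts land in one primary GID, or
# the group is not named after the user).
# Usage: primary_groups PASSWD_FILE GROUP_FILE
# On a live system, feed it the output of `getent passwd` and `getent group`.
primary_groups() {
    awk -F: '
        FNR == NR { gname[$3] = $1; next }        # first file (group): GID -> name
        $3 >= 1000 && $3 < 65534 {                # assumed UID range of regular users
            user[++n] = $1; gid[n] = $4; count[$4]++
        }
        END {
            for (i = 1; i <= n; i++) {
                g = (gid[i] in gname) ? gname[gid[i]] : gid[i]
                kind = (g == user[i] && count[gid[i]] == 1) ? "private" : "shared"
                print user[i] ":" g ":" kind
            }
        }
    ' "$2" "$1"
}

# Constructed sample data: one account with a private group, two in "users".
sample_report() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
foo:x:1000:1000::/home/foo:/bin/bash
bar:x:1001:100::/home/bar:/bin/bash
sunweaver:x:1002:100::/home/sunweaver:/bin/bash
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
users:x:100:
foo:x:1000:
EOF
    primary_groups "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

sample_report
```

Each output line has the form `user:primary-group:private|shared`, so a system following the second pattern in the message shows `shared` for every account.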
X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:31:14 2024; Machine Name: ymir.das-netzwerkteam.de
