From unknown Fri Mar 29 02:38:40 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#287: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default Reply-To: Mike Gabriel , 287@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.berlios.de Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 07 Aug 2013 14:18:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 287 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: not-a-bug moreinfo wontfix Received: via spool by 287-submit@bugs.x2go.org id=B287.137588418315626 (code B ref 287); Wed, 07 Aug 2013 14:18:01 +0000 Received: (at 287) by bugs.x2go.org; 7 Aug 2013 14:03:03 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir (Postfix) with ESMTPS id 2743F5DB1E for <287@bugs.x2go.org>; Wed, 7 Aug 2013 16:03:03 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id CA99EA1 for <287@bugs.x2go.org>; Wed, 7 Aug 2013 16:03:02 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id BBB723BC29 for <287@bugs.x2go.org>; Wed, 7 Aug 2013 16:03:02 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZfL3IargYIq1 for <287@bugs.x2go.org>; Wed, 7 Aug 2013 16:03:02 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 671913BB7E for <287@bugs.x2go.org>; Wed, 7 Aug 2013 16:03:02 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 213523BC29 for <287@bugs.x2go.org>; Wed, 7 Aug 2013 16:03:02 +0200 (CEST) Received: by grimnir.das-netzwerkteam.de (Postfix, from userid 33) id 050633BB7E; Wed, 7 Aug 2013 16:02:58 +0200 (CEST) Received: from m-047.informatik.uni-kiel.de (m-047.informatik.uni-kiel.de [134.245.254.47]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Wed, 07 Aug 2013 16:02:58 +0200 Message-ID: <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de> X-Priority: 3 (Normal) Date: Wed, 07 Aug 2013 16:02:58 +0200 From: Mike Gabriel To: David Fuhrmann Cc: 287@bugs.x2go.org References: <20130807114338.13215dfoanwep8sq@mail.das-netzwerkteam.de> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=_6bppw0j8zafm"; protocol="application/pgp-signature"; micalg="pgp-sha1" Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.3.4) This message is in MIME format and has been PGP signed. --=_6bppw0j8zafm Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit control: tag -1 - wontfix control: tag -1 - not-a-bug Hi David, On Mi 07 Aug 2013 13:54:14 CEST David Fuhrmann wrote: > thanks > > ... for the answer. We just retested it today in our environment, and the > issue is still as described. Especially we did: > > 1) user_A starts a xfce x2go session on hostA, without starting > x2godesktopsharing. > 2) user_B logs in at hostA, using "connect to local desktop. It sees a X > session under its own user name, and a port. user_B can click on "full > access" and gets access to the session. > > Second test: > - user_A starts x2godesktopsharing, but leave the default setting (do not > allow access, with cross). > - user_B sees same behaviour as described above > > Third test: > - user_A starts x2godesktopsharing, but and enables access (green icon in > menu bar) > - user_B now sees two sessions in the session list: one with his own user > name, one with user_As user name. Both have the same port. If user_B > selects the one which has user_A as its name, he can only connect to view, > and eventually, this connection gets refused. (In the mean time, user_A > sees a question dialog asking user_B for access in the session.) > But still, user_B sees a session with his own name, and can connect to it > and gets full access to the xfce session started by user_A. > > So in summary: The x2godesktopsharing has no effect at all when it should > block all accesses, and only works partly when it should allow individual > access. > > In our environment, every machine has the same logins provided by an LDAP > server. I will retest at home to see how it behaves with normal local users. Ok, thanks for re-testing. I undo the taggings earlier made on this issue. This is indeed a big issue that needs immediate fixing!!! Next question: what distro are you on. I tested on Debian and it worked flawlessly. Do you have any chance to test on Debian or Ubuntu (if you are on some RPM based distro)? Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb --=_6bppw0j8zafm Content-Type: application/pgp-signature Content-Description: Digitale PGP-Unterschrift Content-Disposition: inline Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJSAlOSAAoJEJr0azAldxsxVBYQAIkBTJ8NcDRY8EQb8xXmYXGb VCzKWIs+VfJJ/WUwYEKQdmN70wBaWrvzF7efXbIduxIUsa1WCgYNTzNQIfxA1idY yZYWFqnZIcFG78mI7z6r95doy/b3yvYcfdQEmXXkWkORVRSD55RRLVWEVERuhIkk VTmTcL5pFwvGiazfnbRPQIVTZyAlE/GzyAkNJBQ5A/16MmulgUTPVXVdUW0OUjGP 5PuAfEZN1NrJHk05CxaIkZUEvg41ZFpnxBS05c2nykhVL+HXfaACpsz37+P4SYfy qqn2xGMMEur1tVlRGlhPiK7PIn4nL2vOYy3gCxcZ1CFggZOhSA1ACINhRQU37KaW 0aRFDfk5owprDe90AFRr+xnnD/ojhHXz0W0FpYo2P4SVDjZAeyoCYOhRrQps67eC oHHTAkLwJbqQ4yCC5JQdU8uFJ0oM7dFnR+wbV7PvLKTIfgdBELkgGiOaNQRHfmqq uX0Ld/nCB2WTf82W5XU2tswZIjmo4gd9JDCZMuKiJpeNUhjRH+tL+uYq8FMunc8c SEWix2+gt258WJLbIFPRzp7FVxNp8CPCCaTEJrbc6YRJ8GrerQtaXyvEdZD9JMhg s4Gq3llYBR/o/pxX69h/dDNEW7oiBPxwEqwMsZE+mRCK0TKeSlqlruu86lqk1mbG /xD7RFq4aqSTkl3CvpqA =RQMa -----END PGP SIGNATURE----- --=_6bppw0j8zafm--