From unknown Mon Apr 13 04:31:01 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#287: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default
Reply-To: David Fuhrmann <fuhrmann_mail@web.de>, 287@bugs.x2go.org
Resent-From: David Fuhrmann <fuhrmann_mail@web.de>
Original-Sender: David Fuhrmann <david.fuhrmann@gmail.com>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 07 Aug 2013 18:18:02 +0000
Resent-Message-ID: <handler.287.B287.13758990492850@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 287
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: moreinfo
Received: via spool by 287-submit@bugs.x2go.org id=B287.13758990492850
          (code B ref 287); Wed, 07 Aug 2013 18:18:02 +0000
Received: (at 287) by bugs.x2go.org; 7 Aug 2013 18:10:49 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-ea0-f174.google.com (mail-ea0-f174.google.com [209.85.215.174])
	by ymir (Postfix) with ESMTPS id C3D065DB1E
	for <287@bugs.x2go.org>; Wed,  7 Aug 2013 20:10:48 +0200 (CEST)
Received: by mail-ea0-f174.google.com with SMTP id z15so986229ead.33
        for <287@bugs.x2go.org>; Wed, 07 Aug 2013 11:10:48 -0700 (PDT)
X-Received: by 10.14.69.206 with SMTP id n54mr4208506eed.118.1375899048497;
        Wed, 07 Aug 2013 11:10:48 -0700 (PDT)
Received: from [192.168.0.20] (erft-4d07d423.pool.mediaWays.net. [77.7.212.35])
        by mx.google.com with ESMTPSA id f49sm6016919eec.7.2013.08.07.11.10.46
        for <multiple recipients>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Wed, 07 Aug 2013 11:10:47 -0700 (PDT)
Sender: David Fuhrmann <david.fuhrmann@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Content-Type: text/plain; charset=us-ascii
From: David Fuhrmann <fuhrmann_mail@web.de>
X-Priority: 3 (Normal)
In-Reply-To: <7590CCCD-172A-4E9A-BF38-49ADA374C4C1@web.de>
Date: Wed, 7 Aug 2013 20:10:44 +0200
Cc: 287@bugs.x2go.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <E539B638-2553-426F-9092-54BFB09662EF@web.de>
References: <F7C30D2B-5461-457E-8088-7A0933A86EEF@web.de> <20130807114338.13215dfoanwep8sq@mail.das-netzwerkteam.de> <CANN0FUgL27BfEyQ_=4nLiY56rHjo5fGsf1OyDK47vLb2Gdi+jg@mail.gmail.com> <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de> <7590CCCD-172A-4E9A-BF38-49ADA374C4C1@web.de>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
X-Mailer: Apple Mail (2.1508)

Hi,

To rule out some specific configuration issue in our current system, I installed a fresh Linux Mint inside a virtual machine and was able to confirm the issues.

You should be able to reproduce it easily by doing the same. Choose Linux Mint Debian Edition, 64 Bit, Mate package and install x2goserver following your instructions for Debian 7.

With best regards,
David


On 07.08.2013 at 17:56, David Fuhrmann <fuhrmann_mail@web.de> wrote:

> Hi,
>
> We are using a Debian-based Linux Mint, and installed the server from the Debian 7 repository IIRC.
>
> I just tested at home on Ubuntu 10.04, and here it works fine. I think this might be some configuration issue.
>
> Best,
> David
>
> On 07.08.2013 at 16:02, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
>
>> control: tag -1 - wontfix
>> control: tag -1 - not-a-bug
>>
>> Hi David,
>>
>> On Wed 07 Aug 2013 13:54:14 CEST David Fuhrmann wrote:
>>
>>> thanks
>>>
>>> ... for the answer. We just retested it today in our environment, and the
>>> issue is still as described. Especially we did:
>>>
>>> 1) user_A starts an xfce x2go session on hostA, without starting
>>> x2godesktopsharing.
>>> 2) user_B logs in at hostA, using "connect to local desktop". It sees an X
>>> session under its own user name, and a port. user_B can click on "full
>>> access" and gets access to the session.
>>>
>>> Second test:
>>> - user_A starts x2godesktopsharing, but leaves the default setting (do not
>>> allow access, with cross).
>>> - user_B sees same behaviour as described above
>>>
>>> Third test:
>>> - user_A starts x2godesktopsharing, and enables access (green icon in
>>> menu bar)
>>> - user_B now sees two sessions in the session list: one with his own user
>>> name, one with user_A's user name. Both have the same port. If user_B
>>> selects the one which has user_A as its name, he can only connect to view,
>>> and eventually, this connection gets refused. (In the mean time, user_A
>>> sees a question dialog asking user_B for access in the session.)
>>> But still, user_B sees a session with his own name, and can connect to it
>>> and gets full access to the xfce session started by user_A.
>>>
>>> So in summary: The x2godesktopsharing has no effect at all when it should
>>> block all accesses, and only works partly when it should allow individual
>>> access.
>>>
>>> In our environment, every machine has the same logins provided by an LDAP
>>> server. I will retest at home to see how it behaves with normal local users.
>>
>> Ok, thanks for re-testing. I undo the taggings earlier made on this issue. This is indeed a big issue that needs immediate fixing!!!
>>
>> Next question: what distro are you on? I tested on Debian and it worked flawlessly. Do you have any chance to test on Debian or Ubuntu (if you are on some RPM based distro)?
>>
>> Greets,
>> Mike
>>
>>
>> --
>>
>> DAS-NETZWERKTEAM
>> mike gabriel, herweg 7, 24357 fleckeby
>> fon: +49 (1520) 1976 148
>>
>> GnuPG Key ID 0x25771B31
>> mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
>>
>> freeBusy:
>> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
>
