X2Go Bug report logs - #287
Linux Mint desktops configured too insecurely for multi-user mode

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: David Fuhrmann <fuhrmann_mail@web.de>

Date: Wed, 7 Aug 2013 05:48:02 UTC

Severity: critical

Tags: confirmed, moreinfo, wontfix

Found in version 4.0.1.6

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.


X-Loop: owner@bugs.x2go.org
Subject: Bug#287: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default
Reply-To: David Fuhrmann <fuhrmann_mail@web.de>, 287@bugs.x2go.org
Resent-From: David Fuhrmann <fuhrmann_mail@web.de>
Original-Sender: David Fuhrmann <david.fuhrmann@gmail.com>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 07 Aug 2013 20:03:01 +0000
Resent-Message-ID: <handler.287.B287.13759053834763@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 287
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: moreinfo
Received: via spool by 287-submit@bugs.x2go.org id=B287.13759053834763
          (code B ref 287); Wed, 07 Aug 2013 20:03:01 +0000
Received: (at 287) by bugs.x2go.org; 7 Aug 2013 19:56:23 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54])
	by ymir (Postfix) with ESMTPS id 018235DB1E
	for <287@bugs.x2go.org>; Wed,  7 Aug 2013 21:56:22 +0200 (CEST)
Received: by mail-ee0-f54.google.com with SMTP id e53so1091017eek.27
        for <287@bugs.x2go.org>; Wed, 07 Aug 2013 12:56:22 -0700 (PDT)
X-Received: by 10.15.41.77 with SMTP id r53mr4635619eev.64.1375905382711;
        Wed, 07 Aug 2013 12:56:22 -0700 (PDT)
Received: from [192.168.0.20] (erft-4d07d423.pool.mediaWays.net. [77.7.212.35])
        by mx.google.com with ESMTPSA id k3sm12450953een.16.2013.08.07.12.56.20
        for <multiple recipients>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Wed, 07 Aug 2013 12:56:21 -0700 (PDT)
Sender: David Fuhrmann <david.fuhrmann@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Content-Type: text/plain; charset=us-ascii
From: David Fuhrmann <fuhrmann_mail@web.de>
X-Priority: 3 (Normal)
In-Reply-To: <20130807212225.14293ngtwzvr07sh@mail.das-netzwerkteam.de>
Date: Wed, 7 Aug 2013 21:56:19 +0200
Cc: 287@bugs.x2go.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <16BAD52E-0196-43DC-A0D5-57BB7B844530@web.de>
References: <F7C30D2B-5461-457E-8088-7A0933A86EEF@web.de> <20130807114338.13215dfoanwep8sq@mail.das-netzwerkteam.de> <CANN0FUgL27BfEyQ_=4nLiY56rHjo5fGsf1OyDK47vLb2Gdi+jg@mail.gmail.com> <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de> <7590CCCD-172A-4E9A-BF38-49ADA374C4C1@web.de> <E539B638-2553-426F-9092-54BFB09662EF@web.de> <20130807212225.14293ngtwzvr07sh@mail.das-netzwerkteam.de>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
X-Mailer: Apple Mail (2.1508)
On 07.08.2013 at 21:22, Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:

> Hi David,
> 
> On Mi 07 Aug 2013 20:10:44 CEST David Fuhrmann wrote:
> 
>> To rule out some specific configuration issue in our current system, I installed a fresh Linux Mint inside a virtual machine and was able to confirm the issues.
>> 
>> You should be able to reproduce it easily by doing the same. Choose Linux Mint Debian Edition, 64-bit, MATE package, and install x2goserver following your instructions for Debian 7.
> 
> What is the primary GID of users on Linux Mint? Do they follow the pattern
> 
>  foo:foo
>  bar:bar
>  sunweaver:sunweaver
> 
> or is there a group that all users get crushed in with their primary GIDs, like
> 
>  foo:users
>  bar:users
>  sunweaver:users

In a fresh Linux Mint system, the first one. In our production environment, the latter one.
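
One way to answer the primary-GID question from this exchange on a given host, as an added example that is not part of the original thread or of x2goserver: it reads passwd(5)-format lines and reports every primary GID shared by more than one regular account. The function names, the sample accounts and the 1000-59999 UID range for regular users are assumptions made for the example.

```shell
#!/bin/sh
# Added example: tell per-user primary groups (foo:foo) apart from a
# shared primary group (foo:users) using passwd(5)-format input on stdin.
# Assumption: regular accounts have UIDs 1000-59999 (Debian adduser default).

# Prints "gid:user1,user2,..." for each primary GID used by >1 regular account.
shared_primary_gids() {
    awk -F: '
        $3 >= 1000 && $3 <= 59999 {
            members[$4] = (members[$4] == "" ? $1 : members[$4] "," $1)
            count[$4]++
        }
        END {
            for (gid in count)
                if (count[gid] > 1)
                    print gid ":" members[gid]
        }
    ' | sort -t: -k1,1n
}

# Prints "shared" if any regular accounts share a primary GID, else "private".
primary_group_layout() {
    if [ -n "$(shared_primary_gids)" ]; then
        echo shared
    else
        echo private
    fi
}

# Constructed sample data (not taken from the bug report), one per pattern.
sample_private() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
foo:x:1000:1000::/home/foo:/bin/bash
bar:x:1001:1001::/home/bar:/bin/bash
sunweaver:x:1002:1002::/home/sunweaver:/bin/bash
EOF
}
sample_shared() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
foo:x:1000:100::/home/foo:/bin/bash
bar:x:1001:100::/home/bar:/bin/bash
sunweaver:x:1002:100::/home/sunweaver:/bin/bash
EOF
}

echo "private sample: $(sample_private | primary_group_layout)"
echo "shared sample:  $(sample_shared | primary_group_layout)"
sample_shared | shared_primary_gids
```

On a live system, feed it real account data with `getent passwd | shared_primary_gids`.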


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Dec 4 11:42:40 2024; Machine Name: ymir.das-netzwerkteam.de
