X2Go Bug report logs - #310
X2Go logins as root scatter PostgreSQL database with half-started sessions

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Mon, 23 Sep 2013 11:48:02 UTC

Severity: normal

Tags: pending

Found in version 4.0.1.6

Fixed in version 4.0.1.7

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#310: X2Go issue (in src:x2goserver) has been marked as pending for release
Reply-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 310-quiet@bugs.x2go.org
Resent-To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 23 Sep 2013 21:03:02 +0000
Resent-Message-ID: <handler.310.U310.137997016413717@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 310
X-X2Go-PR-Package: x2goserver
X-X2Go-PR-Keywords: pending
Received: via spool by 310-submitter@bugs.x2go.org id=U310.137997016413717
          (code U ref 310); Mon, 23 Sep 2013 21:03:02 +0000
Received: (at 310-submitter) by bugs.x2go.org; 23 Sep 2013 21:02:44 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS,
	URIBL_BLOCKED autolearn=ham version=3.3.2
Received: by ymir (Postfix, from userid 1005)
	id 408DD5DB21; Mon, 23 Sep 2013 23:02:44 +0200 (CEST)
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 310-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 310@bugs.x2go.org
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Mailer: http://snipr.com/post-receive-tag-pending
Message-Id: <20130923210244.408DD5DB21@ymir>
Date: Mon, 23 Sep 2013 23:02:44 +0200 (CEST)
tag #310 pending
fixed #310 4.0.1.7
thanks

Hello,

X2Go issue #310 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=91230bd

The issue will most likely be fixed in src:x2goserver (4.0.1.7).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 91230bdaf3133ede8cd23612d4e6593b2c5a98cf
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Mon Sep 23 23:02:25 2013 +0200

    With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310).

diff --git a/debian/changelog b/debian/changelog
index ae4f45c..67d32e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,9 @@ x2goserver (4.0.1.7-0~x2go1) UNRELEASED; urgency=low
       (Fixes: #285).
     - Provide sudoers.d/x2goserver file that allows sudoed commands under
       KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
+    - With PostgreSQL as session db backend, prevent the root user from
+      launching sessions. Also, prevent x2gouser_root from being added as a
+      PostgreSQL user. (Fixes: #310).
   * /debian/control:
     - Update LONG_DESCRIPTIONS.
     - Move xfonts-base from Recommends: field to Depends: field (bin:package

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 12:13:26 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.