From mike.gabriel@das-netzwerkteam.de  Mon Dec  9 09:03:01 2013
Date: Mon, 09 Dec 2013 08:02:56 +0000
Message-ID: <20131209080256.Horde.2D3T_T19MBF-guIGrOhPwg2@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: x2go-dev@lists.berlios.de, Stefan Baur <newsgroups.mail2@stefanbaur.de>
Cc: Nable 80 <nable.maininbox@googlemail.com>, 354@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#354: Things you should know about X
References: <20131206112155.Horde.SbfwdHK-kyPj8MElQt3mrQ1@mail.das-netzwerkteam.de>
 <52A1BBAE.90909@stefanbaur.de>
 <20131206120625.Horde.SkFUuwsrCrkJ3OMw64wKaA1@mail.das-netzwerkteam.de>
 <52A1C089.3090709@stefanbaur.de>
 <1386351855.74486.YahooMailNeo@web122101.mail.ne1.yahoo.com>
 <52A21285.7090407@stefanbaur.de>
 <20131206195600.GA26961@cip.informatik.uni-erlangen.de>
 <20131207204759.Horde.ykUqekidzsjvppwa3ypAiQ7@mail.das-netzwerkteam.de>
 <52A39369.8050408@stefanbaur.de>
 <20131207215054.Horde.bR0h7aVrFSgs8VMWz2Sp2g2@mail.das-netzwerkteam.de>
 <1386515582.31556.YahooMailNeo@web122106.mail.ne1.yahoo.com>
 <52A4C9F2.5090904@stefanbaur.de>
 <CALxOYEYJYwmwYAJO39sF2avcq=N0jbGwE4Zj-jMcVQc_xyvvyQ@mail.gmail.com>
 <52A4D251.1080508@stefanbaur.de>
In-Reply-To: <52A4D251.1080508@stefanbaur.de>
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 213.178.75.58
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101
 Firefox/23.0 Iceweasel/23.0
Content-Type: multipart/signed; boundary="=_6rTtEW2RCMV92B_OvKLo5w1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

This message is in MIME format and has been PGP signed.

--=_6rTtEW2RCMV92B_OvKLo5w1
Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes
Content-Disposition: inline

Hi Stefan,

On Sun 08 Dec 2013 21:10:57 CET, Stefan Baur wrote:

> On 08.12.2013 21:05, Nable 80 wrote:
>> One should notice that without root ( who would give root access to
>> generic employee? except (possibly) on his workstation) you still
>> cannot access other users' cookies (except cases when one has too
>                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> wide permissions or known vulnerabilities with privilege escalation),
>   ^^^^^^^^^^^^^^^^
>> so you cannot grab their X sessions, can you?
>
> And here we are again at "Hey, $FOO doesn't work, I'll just do chmod  
> -R 777 * and see if that makes it work."
>
> Plus, the rogue employee may as well be the admin, and thus have  
> root rights on the machine where you're logged in.
>
> -Stefan

For X2Go we must assume that the root user is a trustworthy person.  
Otherwise we are completely lost.

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

--=_6rTtEW2RCMV92B_OvKLo5w1
Content-Type: application/pgp-signature
Content-Description: Digitale PGP-Signatur
Content-Disposition: inline


--=_6rTtEW2RCMV92B_OvKLo5w1--

