X2Go Bug report logs - #354
Make x2goagent listening to TCP connections configurable in x2goserver.conf

Full log

Message #45 received at 354@bugs.x2go.org (full text, mbox, reply):

Received: (at 354) by bugs.x2go.org; 7 Dec 2013 20:48:01 +0000
From mike.gabriel@das-netzwerkteam.de  Sat Dec  7 21:48:00 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir (Postfix) with ESMTPS id B49775DB05
	for <354@bugs.x2go.org>; Sat,  7 Dec 2013 21:48:00 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 210021ECD8;
	Sat,  7 Dec 2013 21:48:00 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id BB63A3C2DA;
	Sat,  7 Dec 2013 21:47:59 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 9dDA6SsiSaja; Sat,  7 Dec 2013 21:47:59 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id 809313C065;
	Sat,  7 Dec 2013 21:47:59 +0100 (CET)
Received: from p4FE5F10B.dip0.t-ipconnect.de (p4FE5F10B.dip0.t-ipconnect.de
 [79.229.241.11]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP;
 Sat, 07 Dec 2013 20:47:59 +0000
Date: Sat, 07 Dec 2013 20:47:59 +0000
Message-ID: <20131207204759.Horde.ykUqekidzsjvppwa3ypAiQ7@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Alexander Wuerstlein <snalwuer@cip.informatik.uni-erlangen.de>
Cc: Stefan Baur <newsgroups.mail2@stefanbaur.de>, 354@bugs.x2go.org, Nick
 Ingegneri <n_ingegneri@yahoo.com>
Subject: Re: [X2Go-Dev] Bug#354: Bug#354: Make x2goagent listening to TCP
 connections configurable in x2goserver.conf
References: <20131206112155.Horde.SbfwdHK-kyPj8MElQt3mrQ1@mail.das-netzwerkteam.de>
 <52A1BBAE.90909@stefanbaur.de>
 <20131206120625.Horde.SkFUuwsrCrkJ3OMw64wKaA1@mail.das-netzwerkteam.de>
 <52A1C089.3090709@stefanbaur.de>
 <1386351855.74486.YahooMailNeo@web122101.mail.ne1.yahoo.com>
 <52A21285.7090407@stefanbaur.de>
 <20131206195600.GA26961@cip.informatik.uni-erlangen.de>
In-Reply-To: <20131206195600.GA26961@cip.informatik.uni-erlangen.de>
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 79.229.241.11
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101
 Firefox/23.0 Iceweasel/23.0
Content-Type: multipart/signed; boundary="=_hNrHBJgb3b6_ZSmFcs-t7Q1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

[Message part 1 (text/plain, inline)]

Hi Stefan, hi Alexander,

On  Fr 06 Dez 2013 20:56:00 CET, Alexander Wuerstlein wrote:

> On 13-12-06 19:18, Stefan Baur <newsgroups.mail2@stefanbaur.de> wrote:
>> Am 06.12.2013 18:44, schrieb Nick Ingegneri:
>> >Once it became apparent in our testing that exporting displays didn't
>> >work as expected, the system administrator who installed it went through
>> >the configuration files and documentation looking for a solution. He
>> >couldn't find one, so he escalated it to me to look into. If we hadn't
>> >been able to find a fix it would have ruled out X2Go from further
>> >consideration, which would have been unfortunate as it is currently our
>> >leading choice for this particular need.
>>

>> [...]

>> Sorry, but I've seen way too many people go "chmod 777 -R /*" as
>> soon as something doesn't work as expected, and I'm fearing the same
>> for an easily reachable option to allow TCP connections - because
>> "xhost +" is the X/TCP equivalent of "chmod 777 -R /*" in the
>> filesystem.
>>
>> Of course, everybody is free to shoot him-/herself in the foot,
>> that's why it's Linux - but merely leaving a "this is dangerous"
>> note next to the parameter is like sticking a tag "please don't use
>> this unless you know what you're doing" on a loaded 12-gauge in a
>> room full of toddlers.
>
> There is one more aspect to this: If there is such a configuration
> option, then sooner or later the likes of Linux Mint will enable it by
> default for all their users, leaving them wide open to the whole world,
> despite all the warnings. They did that with 'xhost +'[0].
>
> So I agree that even just having such an option hidden away somewhere
> would be very very bad. It needs to be hard and a lot of work to break
> security or somebody will do it by default and deploy it on a wide
> scale.
>
>
>
> Ciao,
>
> Alexander Wuerstlein.
>
> [0] http://forums.linuxmint.com/viewtopic.php?f=90&t=106520

From a security point of view: is there really a severe difference in  
having to edit x2gostartagent or vs. x2goserver.conf as root to enable  
TCP listening for x2goagent? If people want to deploy X2Go and need  
TCP enabled they will do that anyway. You do not have to rebuild some  
binary to make that happen even, you just have to create a custom copy  
of x2gostartagent in /usr/local/bin.

@Nick: The above may very well be your workaround...

>> In my opinion, Mike is a bit too customer-friendly here by turning
>> your request into a wishlist item that lets every newbie shoot
>> him-/herself in the foot, security-wise, by toggling a setting in
>> the configuration.

My current focus is to spread X2Go, get more people interested in X2Go  
and get more people interested in developing / financing X2Go. If I  
here of a use case that involves hundreds of users, then I am open to  
supporting that use case one way or another. I don't think making  
TCP-listening configurable is a security problem. Once you enable that  
option, you should be aware of what you are doing. For sure.

The Linux Mint argument does not really count to me, either. As a  
package maintainer of a linux distribution, I can do anything patchy  
to the upstream code I like. People with the Linux Mint attitude may  
very easily patch x2gostartagent and ship a TCP-listening X2Go Server  
by default in their package archive. Wouldn't it make more sense,  
having that option configurable from the start then and providing the  
switch-off in an obvious place (i.e. a conffile)?

My point is: if you want to enable TCP listening of x2goagent, you  
have to switch one line in x2gostartagent. What I propose is a config  
parameter for x2goserver.conf that avoids people from nastily hacking  
x2gostartagent. I know several setups in intranet where display  
managers and X-servers run in TCP listen mode and for the local  
network that is ok and wanted. Of course for X2Go this should not be  
the default (that's why we closed down TCP listening earlier when it  
was still enabled by accident).


And Nick, I also think that you should seriously consider looking at  
the security aspects of your current IT setup. It seems quite hackable  
and you should really be sure that all of your staff members are  
really good friends (which normally is not the case for everyone at  
$WORK).


Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.