X2Go Bug report logs - #354
Make x2goagent listening to TCP connections configurable in x2goserver.conf

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Fri, 6 Dec 2013 11:33:02 UTC

Severity: wishlist

Tags: pending

Fixed in version 4.0.1.10

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log

Message #86 received at 354@bugs.x2go.org (full text, mbox, reply):

Received: (at 354) by bugs.x2go.org; 9 Dec 2013 08:03:02 +0000
From mike.gabriel@das-netzwerkteam.de  Mon Dec  9 09:03:01 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir (Postfix) with ESMTPS id 5DB945DA7B
	for <354@bugs.x2go.org>; Mon,  9 Dec 2013 09:03:01 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 5DD101E92B;
	Mon,  9 Dec 2013 09:03:00 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 28C593C05F;
	Mon,  9 Dec 2013 09:03:00 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ZAwnyIiW5zn6; Mon,  9 Dec 2013 09:03:00 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPSA id DD18A3C059;
	Mon,  9 Dec 2013 09:02:58 +0100 (CET)
Received: from nocatv2.tng.de (nocatv2.tng.de [213.178.75.58]) by
 mail.das-netzwerkteam.de (Horde Framework) with HTTP; Mon, 09 Dec 2013
 08:02:56 +0000
Date: Mon, 09 Dec 2013 08:02:56 +0000
Message-ID: <20131209080256.Horde.2D3T_T19MBF-guIGrOhPwg2@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: x2go-dev@lists.berlios.de, Stefan Baur <newsgroups.mail2@stefanbaur.de>
Cc: Nable 80 <nable.maininbox@googlemail.com>, 354@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#354: Things you should know about X
References: <20131206112155.Horde.SbfwdHK-kyPj8MElQt3mrQ1@mail.das-netzwerkteam.de>
 <52A1BBAE.90909@stefanbaur.de>
 <20131206120625.Horde.SkFUuwsrCrkJ3OMw64wKaA1@mail.das-netzwerkteam.de>
 <52A1C089.3090709@stefanbaur.de>
 <1386351855.74486.YahooMailNeo@web122101.mail.ne1.yahoo.com>
 <52A21285.7090407@stefanbaur.de>
 <20131206195600.GA26961@cip.informatik.uni-erlangen.de>
 <20131207204759.Horde.ykUqekidzsjvppwa3ypAiQ7@mail.das-netzwerkteam.de>
 <52A39369.8050408@stefanbaur.de>
 <20131207215054.Horde.bR0h7aVrFSgs8VMWz2Sp2g2@mail.das-netzwerkteam.de>
 <1386515582.31556.YahooMailNeo@web122106.mail.ne1.yahoo.com>
 <52A4C9F2.5090904@stefanbaur.de>
 <CALxOYEYJYwmwYAJO39sF2avcq=N0jbGwE4Zj-jMcVQc_xyvvyQ@mail.gmail.com>
 <52A4D251.1080508@stefanbaur.de>
In-Reply-To: <52A4D251.1080508@stefanbaur.de>
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 213.178.75.58
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:23.0) Gecko/20100101
 Firefox/23.0 Iceweasel/23.0
Content-Type: multipart/signed; boundary="=_6rTtEW2RCMV92B_OvKLo5w1";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

[Message part 1 (text/plain, inline)]
Hi Stefan,

On  So 08 Dez 2013 21:10:57 CET, Stefan Baur wrote:

> Am 08.12.2013 21:05, schrieb Nable 80:
>> One should notice that without root ( who would give root access to
>> generic employee? except (possibly) on his workstation) you still
>> cannot access other users' cookies (except cases when one have too
>                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> wide permissions or known vulnerabilitites with privelege escalation),
>   ^^^^^^^^^^^^^^^^
>> so you cannot grab their X sessions, can you?
>
> And here we are again at "Hey, $FOO doesn't work, I'll just do chmod  
> -R 777 * and see if that makes it work."
>
> Plus, the rogue employee may as well be the admin, and thus have  
> root rights on the machine where you're logged in.
>
> -Stefan

For X2Go we must assume that the root user is a trustworthy person.  
Otherwise we are completely lost.

Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:30:39 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.