From: Nable 80
To: Christoph Anton Mitterer, 258@bugs.x2go.org, x2go-dev@lists.berlios.de
Date: Tue, 2 Jul 2013 11:10:18 +0400
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing

Hi, Chris.

> So it directly goes into the local X server?
> Wow... that's awful... like a security nightmare...

Then, you don't use ssh -X/-Y, do you?

> And people don't see x2go (or VNC, or rdp) like a direct access
> to their X server (as in plain X forwarding with xauth and that like).

Why do you think so? Because they have it in a window and didn't specify any option that exactly means 'turn on X11 forwarding'?

After all, I think that it's not a grave issue, as most people use X11 forwarding for rather trusted hosts (or just don't care).

One additional note: it's possible to turn on clipboard forwarding in RDP and VNC (and it's a very useful thing), but AFAIR in most clients _one has to specify it implicitly_ (and sometimes there's a separate option that allows some restricted clipboard access, for example: copying from remote to local but not vice versa). Maybe someone will make a patch to implement such options in X2Go.