X2Go Bug report logs - #509
Document NX/X11 security issue: clipboard sniffing

Package: wiki.x2go.org; Maintainer for wiki.x2go.org is x2go-dev@lists.x2go.org;

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Mon, 1 Jul 2013 02:48:02 UTC

Severity: grave

Tags: security

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#258: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Reply-To: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org
Resent-From: Christoph Anton Mitterer <calestyo@scientia.net>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Tue, 02 Jul 2013 18:03:01 +0000
Resent-Message-ID: <handler.258.B258.13727879048010@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 258
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: security
Received: via spool by 258-submit@bugs.x2go.org id=B258.13727879048010
          (code B ref 258); Tue, 02 Jul 2013 18:03:01 +0000
Received: (at 258) by bugs.x2go.org; 2 Jul 2013 17:58:24 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_DNSWL_BLOCKED
	autolearn=ham version=3.3.2
Received: from mailgw02.dd24.net (mailgw02.dd24.net [])
	by ymir (Postfix) with ESMTPS id 63BF45DB13
	for <258@bugs.x2go.org>; Tue,  2 Jul 2013 19:58:23 +0200 (CEST)
Received: from localhost (amavis01.dd24.net [])
	by mailgw02.dd24.net (Postfix) with ESMTP id 3A890356B98;
	Tue,  2 Jul 2013 17:58:23 +0000 (GMT)
X-Virus-Scanned: domaindiscount24.com mail filter gateway
Received: from mailgw02.dd24.net ([])
	by localhost (amavis01.dd24.net []) (amavisd-new, port 10197)
	with ESMTP id xiTRbrbyBbVH; Tue,  2 Jul 2013 17:58:17 +0000 (GMT)
Received: from [] (unknown [])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mailgw02.dd24.net (Postfix) with ESMTPSA id 4282E35666B;
	Tue,  2 Jul 2013 17:58:17 +0000 (GMT)
Message-ID: <1372787886.7849.104.camel@heisenberg.scientia.net>
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: x2go-dev@lists.berlios.de, 258@bugs.x2go.org
Date: Tue, 02 Jul 2013 19:58:06 +0200
In-Reply-To: <CALxOYEas=OViucXEo50PfORCjcyxfdzNrCiNz7=rNJkohsmQYw@mail.gmail.com>
References: <1372646308.18508.2.camel@heisenberg.scientia.net>
Content-Type: multipart/signed; micalg="sha512";
X-Mailer: Evolution 3.4.4-3 
Mime-Version: 1.0
[Message part 1 (text/plain, inline)]
On Tue, 2013-07-02 at 11:10 +0400, Nable 80 wrote: 
> > And people don't see x2go (or VNC, or rdp) like a direct access
> > to their X server (as in plain X forwarding with xauth and that like).
> Why do you think so? Because they have it in window and didn't specify
> any option that exactly means 'turn on X11 forwarding'?
To be honest, I think both are strong reasons for expecting this... as
well as one easily tend to compare it with VNC (which gives you rather
the "secure" screenshots)...
But moreover... it's nowwhere really documented (at least where people
easily see it) - I didn't find it at all.
When one goes into the ssh/ssh_config manpages and read about the X
forwarding options... strongly warns one about the security implications
(which are basically like giving root to the remote).
When one reads the xauth manpage (and the fact that there is a dedicated
program which one needs to grant privileges)... one reads about what one

With X2go/NX.. there seem to be no such emphasised warnings in the
obvious places.

> After all, I think that it's not a grave issue as most people use X11
> forwarding for rather trusted hosts (or just don't care).
Well... don't think so... even not for the trusted ones (not to talk
about untrusted hosts)... but this is probably since people have
different requirements on security.

> One additional note: it's possible to turn on clipboard forwarding in
> RDP and VNC (and it's a very useful thing) but AFAIR in most clients
> _one have to specify it implicitly_ (and sometimes there's a separate
> option that allows some restricted clipboard access, for example
Yes... it is... but there you have to at least enable it (even though
most programs miss a strong warning on what can then easily happen...)

But to be honest... the clipboard sniffing problem seems to be "boring"
compared with the "direct interaction" with my local x server... at
least with respect to my security thinking...

Oh and no one from the developers should get me wrong:
I do see that NX is very nice and great with respect to it's speed,
which is probably not doable with VNC like screenshoting.... but a) I
think people are not warned/told enough about what happens
(technically)... and b) clear information misses... on what could
actually happen (in the sense of "is it secure as it is, or can this
direct communication with the local X server cause troubles - perhaps
there are none... and they only issues where those with the global root
window.. which seems not possible with NX? But perhaps there are!).

[smime.p7s (application/x-pkcs7-signature, attachment)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Feb 3 12:56:40 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.