X2Go Bug report logs - #509
Document NX/X11 security issue: clipboard sniffing

Package: wiki.x2go.org; Maintainer for wiki.x2go.org is x2go-dev@lists.x2go.org;

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Mon, 1 Jul 2013 02:48:02 UTC

Severity: grave

Tags: security

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#258: [X2Go-User] Limiting clipboard sharing
Reply-To: Krzysztof Ilowiecki <krzysztof.ilowiecki@sourcecap.ch>, 258@bugs.x2go.org
Resent-From: Krzysztof Ilowiecki <krzysztof.ilowiecki@sourcecap.ch>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Tue, 28 Jan 2014 18:15:01 +0000
Resent-Message-ID: <handler.258.B258.139093269419268@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 258
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: security
Received: via spool by 258-submit@bugs.x2go.org id=B258.139093269419268
          (code B ref 258); Tue, 28 Jan 2014 18:15:01 +0000
Received: (at 258) by bugs.x2go.org; 28 Jan 2014 18:11:34 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
X-Greylist: delayed 371 seconds by postgrey-1.34 at ymir; Tue, 28 Jan 2014 19:11:33 CET
Received: from mail.sourcecap.ch (mail.sourcecap.ch [])
	by ymir (Postfix) with ESMTP id A44035DB13
	for <258@bugs.x2go.org>; Tue, 28 Jan 2014 19:11:33 +0100 (CET)
Received: from [] (kril.rem.sc.int [])
	by mail.sourcecap.ch (Postfix) with ESMTPSA id A033E320AB;
	Tue, 28 Jan 2014 19:05:21 +0100 (CET)
Message-ID: <52E7F17D.2010001@sourcecap.ch>
Date: Tue, 28 Jan 2014 19:05:49 +0100
From: Krzysztof Ilowiecki <krzysztof.ilowiecki@sourcecap.ch>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130215 Thunderbird/17.0.3
MIME-Version: 1.0
To: x2go-user@lists.berlios.de
CC: 258@bugs.x2go.org
References: <52E69B93.8010904@sourcecap.ch> <20140128154910.Horde.bz7_7CdkDRplg9xdW4kZbg2@mail.das-netzwerkteam.de> <52E7D6B8.6070208@sourcecap.ch>
In-Reply-To: <52E7D6B8.6070208@sourcecap.ch>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.96 at pmx4
X-Virus-Status: Clean
On 01/28/2014 05:11 PM, Kris Ilowiecki wrote:
> I have been looking through the sources, and my most recent idea was
> experimenting with editing /usr/bin/nxagent to run nxagent.bin
> with something like "-clipboard no"
> I will try the exact approach you are suggesting, though
> my bash+awk aren't that good

just a short update, the crude approach I had tried
(hacking /usr/bin/nxagent) seems to be working.
I just had made the mistake of typing "-clipboard no" instead of
"-clipboard none" or "-clipboard client".

I will have a closer look at editing the x2gostartagent to read 
x2goserver.conf, but I don't know if I'll succeed at this point.

Many thanks,

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Feb 3 13:26:26 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.