X2Go Bug report logs - #819
X2Go Client exposes all (network and local) drives on client-side folder sharing

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Mon, 16 Mar 2015 13:15:02 UTC

Severity: grave

Tags: build-win32

Found in version

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#819; Package x2goclient. (Mon, 16 Mar 2015 13:15:02 GMT) (full text, mbox, link).

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Mon, 16 Mar 2015 13:15:02 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: submit@bugs.x2go.org
Subject: X2Go Client exposes all (network and local) drives on client-side folder sharing
Date: Mon, 16 Mar 2015 13:13:28 +0000
[Message part 1 (text/plain, inline)]
Package: x2goclient
Tags: build-win32
Severity: grave

Hi all,

I am not sure if this bug is X2Go Client or X2Go Server related,  
because I have no extended access to the site where the below issue  
just occurred.

    X2Go Client for Windows (
    on Windows 8.1 64bit

    X2Go Server
    running on Ubuntu 10.04

Session Type: GNOMEv2 desktop session

The windows machine is hooked into a network, i.e. the Windows's users  
%HOMEDRIVE% is on a server-side share, there are also several other  
network drives available. (as drive letters).

The user (a customer of mine) tried to directly share the "Documents"  
folder with the running X2Go session and then this SSHFS mount  
appeared on the X2Go Server's side:


This "_cygdrive_" folder contained letters (one drive letter per  
available network drive).

From there on you could browse all drive letters and sub-directories  
available on the client-side MS Windows machine. Thus, exposing all  
sorts of drive letters and their subfolders to the X2Go session.

!!! This must be considered as a severe data security breach. !!!

minor side issue: Furthermore, client-side shared folders hosted on  
network drives appeared in the X2Go session, but were not accessible  
by the user running the X2Go session (marked by a read cross and a  



mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#819; Package x2goclient. (Wed, 27 Jul 2016 01:00:01 GMT) (full text, mbox, link).

Acknowledgement sent to "Chavez, Christopher A. (Assoc)" <christopher.chavez@nist.gov>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 27 Jul 2016 01:00:02 GMT) (full text, mbox, link).

Message #10 received at 819@bugs.x2go.org (full text, mbox, reply):

From: "Chavez, Christopher A. (Assoc)" <christopher.chavez@nist.gov>
To: "819@bugs.x2go.org" <819@bugs.x2go.org>
Subject: Re: X2Go Client exposes all (network and local) drives on client-side folder sharing
Date: Wed, 27 Jul 2016 00:41:07 +0000
I could almost reproduce this issue using client, Windows 7 64-bit, and server on Ubuntu 14.04.

I shared a folder from a running session, and the folder appeared as expected as a fuse.sshfs mount: _cygdrive_C_Users_%USERNAME%_SharedFolder (options: rw,nosuid,nodev,default_permissions,user=$USER)

A few minutes later the _cygdrive_ mount appeared (with same mount options).
However, only the drive corresponding to my %HOMEDRIVE% (which is not C:) has permissions 0700; the other drives (including c) had permissions 0000, so I could not traverse them. It also did not list any drives that appear in My Computer but are either inaccessible (e.g. disconnected share or insufficient permissions) or do not have media present (e.g. empty CD drive). There are also different permissions between the directories for intended shared folder mount (0700) and the ~/media/disk/_cygdrive_ mount (0555). chmod is unable to modify the permissions of the drive folders since it does not have write permissions for _cygrdrive_, but chmod also cannot add write permission to _cygdrive_ either for some reason (which might be expected fuse behavior).

Since the mount options allow_other and allow_root aren't specified, non-root users should not be able to access the files in the intended share mount or the _cygdrive_ mount (it's still possible for other users who can sudo to run sudo -u with your username to access any fuse mounts).

Also, when I go back to Share Folders in the main X2Go Client window, the folder I shared during the session is not listed (although the server is still connected to it).

Christopher A. Chavez
National Institute of Standards and Technology

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun May 26 02:11:22 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.