From unknown Wed Apr 15 02:28:11 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#819: X2Go Client exposes all (network and local) drives on client-side folder sharing
Reply-To: "Chavez, Christopher A. (Assoc)" <christopher.chavez@nist.gov>, 819@bugs.x2go.org
Resent-From: "Chavez, Christopher A. (Assoc)" <christopher.chavez@nist.gov>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Wed, 27 Jul 2016 01:00:01 +0000
Resent-Message-ID: <handler.819.B819.146958099221081@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 819
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: build-win32
Received: via spool by 819-submit@bugs.x2go.org id=B819.146958099221081
          (code B ref 819); Wed, 27 Jul 2016 01:00:01 +0000
Received: (at 819) by bugs.x2go.org; 27 Jul 2016 00:56:32 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id ECF565DDF5
	for <819@bugs.x2go.org>; Wed, 27 Jul 2016 02:56:26 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id NdoNCa2Bu-11 for <819@bugs.x2go.org>;
	Wed, 27 Jul 2016 02:56:20 +0200 (CEST)
X-Greylist: delayed 908 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Wed, 27 Jul 2016 02:56:19 CEST
Received: from gcc01-dm2-obe.outbound.protection.outlook.com (mail-dm2gcc01on0128.outbound.protection.outlook.com [23.103.201.128])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id DFA685DA97
	for <819@bugs.x2go.org>; Wed, 27 Jul 2016 02:56:19 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=nistgov.onmicrosoft.com; s=selector1-nist-gov;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=IRnB0hLPRi1kLN8vRFZ/278tCDceDJQOZVYTRRPvHTE=;
 b=SNS/5OVwnn58eaPviMp4+RegD883RuQDcTeEzM8nI+zhTJl6oj6XIOktTNksEjA08Xylis0jYV33W3en5rAes8DGz3axYJZOcZvx/9yPgRGTMUu/Gz9kBUARqFZ5zmpupqAU/vgt7yv5GKyeXEBjcQiiqUMmf8S3aHYzJZWKgkQ=
Received: from DM2PR09MB0732.namprd09.prod.outlook.com (10.161.145.141) by
 DM2PR09MB0729.namprd09.prod.outlook.com (10.161.145.139) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
 15.1.549.15; Wed, 27 Jul 2016 00:41:08 +0000
Received: from DM2PR09MB0732.namprd09.prod.outlook.com ([10.161.145.141]) by
 DM2PR09MB0732.namprd09.prod.outlook.com ([10.161.145.141]) with mapi id
 15.01.0544.019; Wed, 27 Jul 2016 00:41:08 +0000
From: "Chavez, Christopher A. (Assoc)" <christopher.chavez@nist.gov>
To: "819@bugs.x2go.org" <819@bugs.x2go.org>
Thread-Topic: Re: X2Go Client exposes all (network and local) drives on
 client-side folder sharing
Thread-Index: AdHnn1sP+b4/58jNS5SwtJHMosSEPg==
Date: Wed, 27 Jul 2016 00:41:07 +0000
Message-ID: <DM2PR09MB07320313A608B12BD5178133F00F0@DM2PR09MB0732.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=christopher.chavez@nist.gov; 
x-originating-ip: [132.163.48.109]
x-ms-office365-filtering-correlation-id: afe8256f-48c4-4827-e0e8-08d3b5b6b32a
received-spf: None (protection.outlook.com: nist.gov does not designate
 permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Jul 2016 00:41:07.9585
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR09MB0729

I could almost reproduce this issue using client 4.0.5.1, Windows 7 64-bit, and server 4.0.1.19 on Ubuntu 14.04.

I shared a folder from a running session, and the folder appeared as expected as a fuse.sshfs mount: _cygdrive_C_Users_%USERNAME%_SharedFolder (options: rw,nosuid,nodev,default_permissions,user=$USER)

A few minutes later the _cygdrive_ mount appeared (with the same mount options).
However, only the drive corresponding to my %HOMEDRIVE% (which is not C:) has permissions 0700; the other drives (including C:) have permissions 0000, so I could not traverse them. It also did not list any drives that appear in My Computer but are either inaccessible (e.g. disconnected share or insufficient permissions) or do not have media present (e.g. empty CD drive). There are also different permissions between the directories for the intended shared folder mount (0700) and the ~/media/disk/_cygdrive_ mount (0555). chmod is unable to modify the permissions of the drive folders since it does not have write permission for _cygdrive_, but chmod also cannot add write permission to _cygdrive_ either for some reason (which might be expected fuse behavior).

Since the mount options allow_other and allow_root aren't specified, non-root users should not be able to access the files in the intended share mount or the _cygdrive_ mount (it's still possible for other users who can sudo to run sudo -u with your username to access any fuse mounts).

Also, when I go back to Share Folders in the main X2Go Client window, the folder I shared during the session is not listed (although the server is still connected to it).

Christopher A. Chavez
National Institute of Standards and Technology
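
The report above hinges on whether the fuse.sshfs mounts carry allow_other or allow_root: without them, only the mounting user (and anyone who can become that user) can traverse the share. The script below is an added example, not part of this bug report or of X2Go, that audits a mount table for fuse.sshfs entries and flags any that other local users could reach. The sample mount lines are constructed here to resemble the reporter's output; on a real server you would feed it /proc/mounts instead.

```bash
#!/usr/bin/env bash
# Audit fuse.sshfs mounts for exposure to other local users.
# A mount is "EXPOSED" when its options include allow_other or allow_root,
# because those let users other than the mounting user traverse the FUSE
# filesystem; otherwise the kernel restricts access to the mounting uid.

# Constructed sample of mount-table lines (not captured from the reporter's
# system). Fields: source mountpoint fstype options dump pass
SAMPLE_MOUNTS='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
user@127.0.0.1: /home/user/media/disk/_cygdrive_C_Users_user_SharedFolder fuse.sshfs rw,nosuid,nodev,default_permissions,user=user 0 0
user@127.0.0.1: /home/user/media/disk/_cygdrive_ fuse.sshfs rw,nosuid,nodev,allow_other,default_permissions,user=user 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0'

# audit_sshfs_mounts: read mount-table lines on stdin and print one line per
# fuse.sshfs mount in the form "<mountpoint> <EXPOSED|private>".
audit_sshfs_mounts() {
    while read -r _src mnt fstype opts _rest; do
        [ "$fstype" = "fuse.sshfs" ] || continue
        # Wrap the option list in commas so each option matches as a whole token.
        case ",$opts," in
            *,allow_other,*|*,allow_root,*) verdict=EXPOSED ;;
            *) verdict=private ;;
        esac
        printf '%s %s\n' "$mnt" "$verdict"
    done
}

# count_exposed: number of EXPOSED fuse.sshfs mounts in the constructed sample.
count_exposed() {
    printf '%s\n' "$SAMPLE_MOUNTS" | audit_sshfs_mounts | grep -c ' EXPOSED$' || true
}

# audit_live: same audit against the running system's mount table, also
# printing the mount point's permission bits (the reporter saw 0700 vs 0555).
audit_live() {
    audit_sshfs_mounts < /proc/mounts | while read -r mnt verdict; do
        mode=$(stat -c '%a' "$mnt" 2>/dev/null || echo '?')
        printf '%s mode=%s %s\n' "$mnt" "$mode" "$verdict"
    done
}

# Run the audit on the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_sshfs_mounts
```

Run it as `bash audit_sshfs.sh` to see the sample verdicts, or call `audit_live` on an X2Go server to check the actual share mounts; a "private" verdict still leaves the sudo -u path the reporter mentions, which no mount option prevents.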
