From david.fuhrmann@gmail.com Wed Aug 7 17:56:48 2013
Received: (at 287) by bugs.x2go.org; 7 Aug 2013 15:56:49 +0000
From: David Fuhrmann
To: Mike Gabriel
Cc: 287@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default
Date: Wed, 7 Aug 2013 17:56:45 +0200
Message-Id: <7590CCCD-172A-4E9A-BF38-49ADA374C4C1@web.de>
In-Reply-To: <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de>
References: <20130807114338.13215dfoanwep8sq@mail.das-netzwerkteam.de> <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de>

Hi,

We are using a Debian-based Linux Mint, and installed the server from the Debian 7 repository IIRC.

I just tested at home on Ubuntu 10.04, and here it works fine. I think this might be some configuration issue.

Best,
David

On 07.08.2013 at 16:02, Mike Gabriel wrote:

> control: tag -1 - wontfix
> control: tag -1 - not-a-bug
>
> Hi David,
>
> On Wed 07 Aug 2013 13:54:14 CEST David Fuhrmann wrote:
>
>> thanks
>>
>> ... for the answer. We just retested it today in our environment, and the
>> issue is still as described. Especially we did:
>>
>> 1) user_A starts a xfce x2go session on hostA, without starting
>> x2godesktopsharing.
>> 2) user_B logs in at hostA, using "connect to local desktop". It sees an X
>> session under its own user name, and a port. user_B can click on "full
>> access" and gets access to the session.
>>
>> Second test:
>> - user_A starts x2godesktopsharing, but leaves the default setting (do not
>> allow access, with cross).
>> - user_B sees same behaviour as described above
>>
>> Third test:
>> - user_A starts x2godesktopsharing, and enables access (green icon in
>> menu bar)
>> - user_B now sees two sessions in the session list: one with his own user
>> name, one with user_A's user name. Both have the same port. If user_B
>> selects the one which has user_A as its name, he can only connect to view,
>> and eventually, this connection gets refused. (In the meantime, user_A
>> sees a question dialog asking user_B for access in the session.)
>> But still, user_B sees a session with his own name, and can connect to it
>> and gets full access to the xfce session started by user_A.
>>
>> So in summary: The x2godesktopsharing has no effect at all when it should
>> block all accesses, and only works partly when it should allow individual
>> access.
>>
>> In our environment, every machine has the same logins provided by an LDAP
>> server. I will retest at home to see how it behaves with normal local users.
>
> Ok, thanks for re-testing. I undo the taggings earlier made on this issue. This is indeed a big issue that needs immediate fixing!!!
>
> Next question: what distro are you on? I tested on Debian and it worked flawlessly. Do you have any chance to test on Debian or Ubuntu (if you are on some RPM based distro)?
>
> Greets,
> Mike
>
>
> --
>
> DAS-NETZWERKTEAM
> mike gabriel, herweg 7, 24357 fleckeby
> fon: +49 (1520) 1976 148
>
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
>
> freeBusy:
> https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb