Subject: Bug#258: [X2Go-Dev] Bug#258: Bug#258: Bug#258: SECURITY: x2goclient allows clipboard sniffing
From: Nable 80
To: Christoph Anton Mitterer, 258@bugs.x2go.org, x2go-dev@lists.berlios.de
Date: Tue, 2 Jul 2013 11:10:18 +0400
X-X2Go-PR-Message: followup 258
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: security

Hi, Chris.

> So it directly goes into the local X server?
> Wow... that's awful... like a security nightmare...

Then, you don't use ssh -X/-Y, do you?

> And people don't see x2go (or VNC, or rdp) like a direct access
> to their X server (as in plain X forwarding with xauth and that like).

Why do you think so? Because they have it in a window and didn't specify any
option that exactly means 'turn on X11 forwarding'?

After all, I think that it's not a grave issue, as most people use X11
forwarding for rather trusted hosts (or just don't care).

One additional note: it's possible to turn on clipboard forwarding in RDP and
VNC (and it's a very useful thing), but AFAIR in most clients _one has to
specify it implicitly_ (and sometimes there's a separate option that allows
some restricted clipboard access, for example: copying from remote to local
but not vice versa). Maybe someone will make a patch to implement such options
in X2Go.