X2Go Bug report logs - #310
X2Go logins as root scatter PostgreSQL database with half-started sessions

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Mon, 23 Sep 2013 11:48:02 UTC

Severity: normal

Tags: pending

Found in version 4.0.1.6

Fixed in version 4.0.1.7

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #12 received at control@bugs.x2go.org (full text, mbox, reply):

Received: (at control) by bugs.x2go.org; 23 Sep 2013 21:02:52 +0000
From x2go@ymir  Mon Sep 23 23:02:44 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS,
	URIBL_BLOCKED autolearn=unavailable version=3.3.2
Received: by ymir (Postfix, from userid 1005)
	id 408DD5DB21; Mon, 23 Sep 2013 23:02:44 +0200 (CEST)
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 310-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 310@bugs.x2go.org
Subject: X2Go issue (in src:x2goserver) has been marked as pending for release
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Mailer: http://snipr.com/post-receive-tag-pending
Message-Id: <20130923210244.408DD5DB21@ymir>
Date: Mon, 23 Sep 2013 23:02:44 +0200 (CEST)
tag #310 pending
fixed #310 4.0.1.7
thanks

Hello,

X2Go issue #310 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=91230bd

The issue will most likely be fixed in src:x2goserver (4.0.1.7).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 91230bdaf3133ede8cd23612d4e6593b2c5a98cf
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Mon Sep 23 23:02:25 2013 +0200

    With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310).

diff --git a/debian/changelog b/debian/changelog
index ae4f45c..67d32e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,6 +16,9 @@ x2goserver (4.0.1.7-0~x2go1) UNRELEASED; urgency=low
       (Fixes: #285).
     - Provide sudoers.d/x2goserver file that allows sudoed commands under
       KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
+    - With PostgreSQL as session db backend, prevent the root user from
+      launching sessions. Also, prevent x2gouser_root from being added as a
+      PostgreSQL user. (Fixes: #310).
   * /debian/control:
     - Update LONG_DESCRIPTIONS.
     - Move xfonts-base from Recommends: field to Depends: field (bin:package


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 00:34:26 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.