wiki:security:start

Differences

This shows you the differences between two versions of the page.

wiki:security:start [2012/02/20 09:50]
morty [Solution for privacy]
wiki:security:start [2014/01/08 10:20]
sunweaver [PostgreSQL]
Line 1: Line 1:
 +~~NOTOC~~
 +====== Thoughts on Security ======
 +===== Session Database Backends =====
 +==== PostgreSQL ====
  
-====== Database Access ====== 
-===== Postgres ===== 
-<note>No known exploits</note> 
  
-===== SQLite ===== +  * In X2Go Server versions prior to 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://www.cvedetails.com/cve/CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
-<note>No known exploits</note>+ 
 + 
 +==== SQLite ==== 
 + 
 +  * In versions of X2Go Server less than 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://www.cvedetails.com/cve/CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
      
  
-====== x2goprint ======+====== X2Go client-side Printing ======
 <note important>Might be exploited if someone becomes x2goprint-user</note> <note important>Might be exploited if someone becomes x2goprint-user</note>
  
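Review bot: The new bullets under PostgreSQL and SQLite are the same sentence in two wordings ("versions prior to" versus "versions of X2Go Server less than") and both link the same CVE-2013-7261 entry, so a reader cannot tell whether each backend was affected separately or whether this is one issue listed twice. Suggest stating it once under "Session Database Backends", or saying per backend what was affected, and using one phrasing for the version bound. "Used to be a root exploit" would read more accurately as a vulnerability that allowed root access, and the bullet should tell administrators directly to upgrade to 4.0.1.12 (or 4.0.0.10 on the Baikal LTS branch) rather than leaving that implied. The printing section is renamed to "X2Go client-side Printing" while its note still refers to "x2goprint-user" without saying what that account is; a short explanation there would help.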
Line 43: Line 49:
   * Currently Pulse-Audio authentication using a cookie-file is used.   * Currently Pulse-Audio authentication using a cookie-file is used.
   * No option of encryption, but can be tunneled via SSH.   * No option of encryption, but can be tunneled via SSH.
-  * When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user.+  * When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user, if not tunneling pulseaudio.
  
 ===== Solution for privacy ===== ===== Solution for privacy =====
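Review bot: The qualifier added to the TCE bullet, "if not tunneling pulseaudio", presents tunneling as the condition that prevents the next user from hearing the previous session's audio, but nothing in this section says how tunneling is switched on or whether it is the default. Suggest wording it as "unless PulseAudio is tunneled via SSH" so it matches the preceding bullet ("can be tunneled via SSH") and adding where that setting lives. The spelling also varies between "Pulse-Audio" and "pulseaudio" within three lines; pick one.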
Line 54: Line 60:
 Morty: I looked into this recently (End of 2011). Unfortunately, due to the buffering done on the server, this might start to "swing" (playback getting faster and slower again and again).  Morty: I looked into this recently (End of 2011). Unfortunately, due to the buffering done on the server, this might start to "swing" (playback getting faster and slower again and again). 
  
-====== x2goagent ====== +====== X2Go Agent ======
- +
-  * x2goagent/nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/nxagent binds to localhost only. Refer to: http://article.gmane.org/gmane.linux.terminal-server.x2go.user/430+
  
 +  * [[http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/nxagent binds to localhost only. Refer to: http://article.gmane.org/gmane.linux.terminal-server.x2go.user/430
 +  * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)
 +  * If people need x2goagent listening on TCP, it can also be re-enabled in ''/etc/x2go/x2goagent.options''.
 +  
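Review bot: The first added bullet puts a "This issue has been fixed" link in front of the old text but leaves that text in the present tense ("opens a port 6050+ and binds to all network interfaces. This should be tweaked"), so the bullet now states the fix and the unfixed behaviour at once. Suggest rewriting the description in the past tense and naming the x2goserver release that contains the linked commit, so readers can tell whether their installation is covered. The XDMCP bullet says the listening port 6050+ is still opened for those sessions but not whether it is bound to all interfaces; if it is, say so and mention restricting access to it. The last bullet names ''/etc/x2go/x2goagent.options'' without saying which option re-enables TCP listening, and should note that doing so brings back the exposure described in the first bullet.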
wiki/security/start.txt · Last modified: 2014/01/08 10:20 by sunweaver