X2Go - everywhere@home

User Tools

Site Tools

Trace: security

Sidebar


Announcements / News

Documentation

Download

Events

Wiki

About

Contact

wiki:security:start

This is an old revision of the document!

Table of Contents

Database Access

Postgres

No known exploits

Security on database Level

SQLite

No known exploits
  1. Change to x2go-user using suid-perl.
  2. Prepared statements

x2goprint

Might be exploited if someone becomes x2goprint-user
  1. The Cups-server connects the x2go-Server as x2goprint-user using ssh-key auth.
  2. x2goprint-user executes sudo to chenge the ownership of the pdf-file.
    • This script can currently be exploited.
    • If someone becomes x2goprint he might become root.

Pulseaudio

No known exploits / Needs review
  • Currently Pulse-Audio authentication using a cookie-file is used.
  • No option of encryption, but can be tunneled via SSH.
wiki/security/start.1303913882.txt.gz · Last modified: 2013/03/08 13:31 (external edit)

Page Tools

Imprint & Legal Disclaimer - Data Protection & Privacy Statement
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki