
This is an old revision of the document!


Database Access

Postgres

No known exploits

Security on database Level

SQLite

No known exploits
  1. Change to x2go-user using suid-perl. This is needed as there is a common database.
  2. Prepared statements should make things safe.

x2goprint

Might be exploited if someone becomes x2goprint-user
  1. The Cups-server connects to the x2go-Server as x2goprint-user using ssh-key auth.
  2. x2goprint-user executes sudo to change the ownership of the pdf-file.
    • This script can currently be exploited.
    • If someone becomes x2goprint he might become root.

Possible solution 1

  • Start a local cups-server for every user
  • Server listens on a File-socket owned by the user
  • Add a PDF-Printer to that server (as the cups-user runs as that user, there should be no issues with file permissions)
  • Import printers from global server
  • + Secure solution, as no other user is involved
  • - Every user needs an extra instance (The extra memory usage should not be too much)

Possible solution 2

  • Write a simple C-Program 'x2goprinter' that is run as the user who wants to print using the s-Bit
  • The Program writes stdin to argv[1] in the printing-directory
  • It also checks whether the user is x2goprint or root
  • + Can be easily adopted
  • - x2goprint must be installed by the client
  • - s-bit → Needs security checks
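
A sketch of the security checks such a helper needs, as an added example and not X2Go project code: it accepts only a plain file name, refuses to overwrite or follow symlinks, and admits only root or x2goprint as the caller. The spool path and the function names are assumptions; how the s-bit privileges are set up and dropped is not specified on this page and is not shown.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

#define SPOOL_DIR "/var/spool/x2goprint"  /* assumed path, not from the page */

/* Accept only a plain file name: no '/', no leading '.', limited charset. */
int safe_name(const char *n) {
    size_t len = strlen(n);
    if (len == 0 || len > 64 || n[0] == '.') return 0;
    return strspn(n, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789._-") == len;
}

/* Only root or the x2goprint account may invoke the helper (real uid). */
int caller_allowed(uid_t ruid) {
    struct passwd *pw = getpwnam("x2goprint");
    return ruid == 0 || (pw != NULL && pw->pw_uid == ruid);
}

/* Copy in_fd to a new file inside dirfd; 0 on success, -1 on any failure. */
int spool_write(int dirfd, const char *name, int in_fd) {
    char buf[4096];
    ssize_t r = 0;
    if (!safe_name(name)) return -1;
    /* O_EXCL: never overwrite; O_NOFOLLOW: never write through a symlink. */
    int out = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (out < 0) return -1;
    while ((r = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < r; ) {
            ssize_t w = write(out, buf + off, (size_t)(r - off));
            if (w <= 0) { r = -1; break; }
            off += w;
        }
        if (r < 0) break;
    }
    if (close(out) != 0) r = -1;
    if (r < 0) { unlinkat(dirfd, name, 0); return -1; }  /* drop partial file */
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 2 || !caller_allowed(getuid())) return 1;
    int dirfd = open(SPOOL_DIR, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) return 1;
    return spool_write(dirfd, argv[1], STDIN_FILENO) == 0 ? 0 : 1;
}
```

Resolving argv[1] relative to an already opened directory descriptor keeps the write inside the printing directory even if the path is swapped while the helper runs.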

Pulseaudio

No known exploits / Privacy issues
  • Currently Pulse-Audio authentication using a cookie-file is used.
  • No option of encryption, but can be tunneled via SSH.
  • When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user.

Solution for privacy

  • Start pulse-audio server on the server
  • Use sink-tunnel to tunnel to the client
  • Disconnect sink on suspend
  • Send sound to null-dev
  • This also solves issues if the client gets disconnected unexpectedly.

x2goagent

Needs review
  • Is it possible to hijack an x2go-session? If yes, how? What can we do about it?
wiki/security/start.1313391982.txt.gz · Last modified: 2013/03/08 13:31 (external edit)