Differences

This shows you the differences between two versions of the page.

wiki:security:start [2012/02/20 09:50]
morty [Solution for privacy]
wiki:security:start [2014/01/08 10:20] (current)
sunweaver [SQLite]
Line 1: Line 1:
 +~~NOTOC~~
 +====== Thoughts on Security ======
 +===== Session Database Backends =====
 +==== PostgreSQL ====
  
-====== Database Access ====== 
-===== Postgres ===== 
-<note>No known exploits</note> 
  
-===== SQLite ===== +  * In X2Go Server versions prior to 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://www.cvedetails.com/cve/CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
-<note>No known exploits</note>+ 
 + 
 +==== SQLite ==== 
 + 
 +  * In X2Go Server versions prior to 4.0.1.12 (or 4.0.0.10 for the Baikal LTS release branch), there used to be a [[http://www.cvedetails.com/cve/CVE-2013-7261|root exploit]] that got reported and fixed around X-mas 2013. 
      
  
-====== x2goprint ======+====== X2Go client-side Printing ======
 <note important>Might be exploited if someone becomes x2goprint-user</note> <note important>Might be exploited if someone becomes x2goprint-user</note>
  
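Review bot: the bullets added under PostgreSQL and SQLite are word-for-word identical, so a reader cannot tell whether CVE-2013-7261 affected both session database backends in the same way or whether the text was simply copied across. Suggest a single bullet directly under "Session Database Backends" if the issue is independent of the backend, or per-backend wording that says what was affected in each. The replaced "No known exploits" notes also leave no statement of the current status: a short line such as "fixed in 4.0.1.12 / 4.0.0.10 (Baikal LTS), upgrade" would tell administrators what to do, and "around X-mas 2013" would read better as a date.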
Line 43: Line 49:
   * Currently Pulse-Audio authentication using a cookie-file is used.   * Currently Pulse-Audio authentication using a cookie-file is used.
   * No option of encryption, but can be tunneled via SSH.   * No option of encryption, but can be tunneled via SSH.
-  * When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user.+  * When using the TCE the client has only one user. Therefore the following user may get sounds from the previous, suspended user, if not tunneling pulseaudio.
  
 ===== Solution for privacy ===== ===== Solution for privacy =====
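Review bot: the clause added to the TCE bullet, "if not tunneling pulseaudio", does not say whether tunneling is the default or how it is switched on, while the bullet above only says that audio "can be tunneled via SSH". Suggest stating the default and where the setting lives, so that a TCE administrator can tell whether the next user can still receive the suspended user's sound on their deployment. The spelling should also match "Pulse-Audio" two bullets up.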
Line 54: Line 60:
 Morty: I looked into this recently (End of 2011). Unfortunately, due to the buffering done on the server, this might start to "swing" (playback getting faster and slower again and again).  Morty: I looked into this recently (End of 2011). Unfortunately, due to the buffering done on the server, this might start to "swing" (playback getting faster and slower again and again). 
  
-====== x2goagent ====== +====== X2Go Agent ======
- +
-  * x2goagent/nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/nxagent binds to localhost only. Refer to: http://article.gmane.org/gmane.linux.terminal-server.x2go.user/430+
  
 +  * [[http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=147d22c44167b9b2d4afbdaf17262555a7af713b|This issue has been fixed]]: x2goagent/nxagent opens a port 6050+ and binds to all network interfaces. This should be tweaked so that x2goagent/nxagent binds to localhost only. Refer to: http://article.gmane.org/gmane.linux.terminal-server.x2go.user/430
 +  * Now, only for XDMCP session the listening port 6050+ is opened (otherwise XDMCP queries do fail)
 +  * If people need x2goagent listening on TCP, it can also be re-enabled in ''/etc/x2go/x2goagent.options''.
 +  
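Review bot: in the first added bullet the "This issue has been fixed" link is prefixed to the old text unchanged, so the bullet still reads in the present tense ("opens a port 6050+ and binds to all network interfaces. This should be tweaked ...") as if the exposure were still open. Suggest rewriting it in the past tense and naming the x2goserver version that carries the fix. The last bullet should name the option in ''/etc/x2go/x2goagent.options'' and say which interfaces the re-enabled TCP listener binds to, since nothing here says whether it is limited to localhost.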
wiki/security/start.1329731416.txt.gz · Last modified: 2013/03/08 13:31 (external edit)