Your message dated Mon, 13 Oct 2014 15:22:24 +0000
with message-id <[email protected]>
and subject line Bug#714778: fixed in remmina 1.1.1-1
has caused the Debian Bug report #714778,
regarding remmina-plugin-nx: NX/X2go apparently directly connects (parts of?) 
the remote with the local X
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
714778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714778
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: remmina-plugin-nx
Version: 1.0.0-6
Severity: important


Hi.

A recent discussion[0] at turned (to my very big surprise) out, that
NX/X2Go doesn't work like VNC/RDP (i.e. that it more or less sends the
pixbuffers which are locally drawn), but rather that there is some direct
injection of the remote's X clients' X protocol into the local X server.


At upstream it was compared with running "ssh -X" respectively
plain X forwarding (after some xauth)...

As we all know, plain X forwarding has many serious security implications,
which basically means that no sane person will/should ever use it unless
the remote host is fully trusted.


To my understanding, this is typically not the case with VNC/RDP/NX... people
often use it to connect to systems out of their control.
Moreover, I guess many people expect NX to work conceptually more like
VNC/RDP, i.e. just drawing images (in a very sophisticated way), which is
probably more secure[1] than directly going into the X server.



a) I started a discussion upstream, whether one could make this somehow
better/more secure (my poor man's understanding would be that using a nested
X server (like Xephyr) for the communication with the remote NX could perhaps
help - but that's just guessing)... but it will at least take a lot of time
until anything comes out there (if at all).


b) To tell people about what really happens, I think the Debian package
should include a warning in the package description, that NX/X2go technology
is much more like plain X forwarding, with all its security implications.

In the case of the remmina source package, this should go to:
remmina-plugin-nx



Thanks,
Chris.


[0] http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=258
[1] Obviously secure for the local server - I don't talk about the network
communication between remote and local server which is pretty bad for VNC/RDP,
unless tunneled.

--- End Message ---
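
The nested-server idea from point a) of the report, as an added example that is not part of the bug report and not code from remmina or X2Go: a client is started against its own Xephyr server with its own cookie instead of the session's real X server. Whether this suits NX sessions is the reporter's open question; the function names are hypothetical, and Xephyr, xauth and mcookie are assumed to be installed.

```shell
#!/bin/sh
# Added example: run an X client against a nested Xephyr server.
# Assumes Xephyr, xauth and mcookie are installed; function names are made up.

# Print the first display number (1-99) with no socket in directory $1.
free_display() {
    dir=${1:-/tmp/.X11-unix}
    n=1
    while [ "$n" -le 99 ]; do
        if [ ! -e "$dir/X$n" ]; then
            echo "$n"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Print the Xephyr command line for display $1 with cookie file $2.
# -auth makes the nested server demand its own cookie; -nolisten tcp
# keeps it off the network.
xephyr_cmd() {
    echo "Xephyr :$1 -auth $2 -nolisten tcp -screen 1280x800"
}

# Run "$@" inside a fresh nested server. The client is handed only the
# nested DISPLAY and cookie, so it talks X protocol to Xephyr, not to
# the server that holds the rest of the desktop session.
run_nested() {
    n=$(free_display) || { echo "no free display" >&2; return 1; }
    auth=$(mktemp) || return 1
    xauth -f "$auth" add ":$n" . "$(mcookie)" || return 1
    $(xephyr_cmd "$n" "$auth") &
    xpid=$!
    tries=0   # wait up to 5 s for the nested server's socket
    while [ ! -e "/tmp/.X11-unix/X$n" ] && [ "$tries" -lt 5 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    rc=0
    env DISPLAY=":$n" XAUTHORITY="$auth" "$@" || rc=$?
    kill "$xpid" 2>/dev/null
    rm -f "$auth"
    return "$rc"
}

# Usage: run_nested remmina
```

Xephyr is itself an ordinary client of the real X server, so what the confined client can reach is limited to the nested display's own windows and input.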
--- Begin Message ---
Source: remmina
Source-Version: 1.1.1-1

We believe that the bug you reported is fixed in the latest version of
remmina, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Falavigna <[email protected]> (supplier of updated remmina package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Oct 2014 16:57:50 +0200
Source: remmina
Binary: remmina remmina-common remmina-plugin-rdp remmina-plugin-vnc 
remmina-plugin-xdmcp remmina-plugin-nx remmina-plugin-telepathy 
remmina-plugin-gnome remmina-dbg
Architecture: source all
Version: 1.1.1-1
Distribution: unstable
Urgency: medium
Maintainer: Luca Falavigna <[email protected]>
Changed-By: Luca Falavigna <[email protected]>
Description:
 remmina    - remote desktop client for GNOME desktop environment
 remmina-common - common files for remmina remote desktop client
 remmina-dbg - remote desktop client - debug pakcage
 remmina-plugin-gnome - GNOME plugin for remmina remote desktop client
 remmina-plugin-nx - NX plugin for remmina remote desktop client
 remmina-plugin-rdp - RDP plugin for remmina remote desktop client
 remmina-plugin-telepathy - Telepathy plugin for remmina remote desktop client
 remmina-plugin-vnc - VNC plugin for remmina remote desktop client
 remmina-plugin-xdmcp - XDMCP plugin for remmina remote desktop client
Closes: 714778 764142
Changes:
 remmina (1.1.1-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix load of RDP plugin when FreeRDP is compiled with
       -DSTATIC_CHANNELS=off (Closes: #764142).
   * debian/patches/freerdp_get_last_error.patch:
     - Removed, applied upstream.
   * debian/README.NX, debian/remmina-plugin-nx.docs:
     - Add a short notice about NX security implications (Closes: #714778).
   * debian/watch:
     - Adjust GitHub link to look for all releases.


--- End Message ---