** Description changed: - There doesn't seem to be any obvious way to force LightDM's VNC server - to listen on only specified interfaces, most notably localhost. This - creates a security issue, as the best and most secure way to access a - VNC server is through an SSH tunnel where the client will only connect - to its localhost on a particular port having all connections through the - tunnel to the server's localhost port. + [Impact] + The XDMCP and VNC servers in LightDM allow connections on any network interface. It is desirable for these to be limited to a particular interface to limit who can connect (i.e. only allow local connections on 127.0.0.1). - If there is a proper way to do this or some sort of work-around, I would - be very interested in how to do so. As of right now, this makes - LightDM's VNC server unusable for me. + [Test Case] + 1. Enable the VNC server in LightDM in lightdm.conf: + [VNCServer] + enabled=true + listen-address=127.0.0.1 + 2. Start LightDM + With this setup you should only be able to make a local connection. + + [Regression potential] + Low. If the option is not set LightDM has the old behaviour.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1390808 Title: VNC / XDMCP server cannot be configured to listen on specific interfaces To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1390808/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
