Hi Alex, On Mo 20 Feb 2012 09:32:31 CET Oleksandr Shneyder wrote:
Am 19.02.2012 21:14, schrieb Milan Knížek:Hello list! I am a bit confused re. the discrepancy between wiki and actual behaviour of x2godesktop sharing: x the wiki [1] reads that With the desktopsharing function of X2go you can have full-access the desktop from somebody else... x when I (USER_B) connect from a remote machine with x2goclient to "local desktop" (USER_A logged in on tty7 of x2goserver), the USER_A's session is shown in the lists of sessions available for sharing, however the button "Full Access" is greyed-out and cannot be clicked. So USER_B is only allowed to view the USER_A's deskto. x having looked at x2godesktopsharing.git/sharetray.cpp, I can see that this is due to "bShadow->SetEnabled ( user==getCurrentUname() );" and have verified that the following patch removes the limitation: === --- onmainwindow_part2.cpp<---->2011-11-25 13:08:10.000000000 +0100 +++ onmainwindow_part2.cpp_mod<>2012-02-19 19:50:36.200838546 +0100 @@ -1132,7 +1132,7 @@ index.row(), D_USER ).data().toString(); bShadowView->setEnabled ( true ); - bShadow->setEnabled ( user==getCurrentUname() ); + bShadow->setEnabled ( true ); } } === Is this intentional behaviour due to the potential security issues mentioned here [2] (anyway, the remote user _can_ recompile the x2goagent to get rid of the limitation)? [1] http://www.x2go.org/wiki:components:desktop-sharing#usage [2] http://comments.gmane.org/gmane.linux.terminal-server.x2go.devel/2437 Regards, MilanI have disabled it, because in my opinion, security risk was just to high. At the moment, user can get full access only if connecting to his own desktop. Actually, removing such check in x2goclient should not do anything.
Ok...
This check is also included in x2gostartagent.
No, it is not. I can connect to other users' sessions with full-access via python-x2go (pyhoca-cli).
Anyway, if in future we want to enable such feature, we should also modify x2godesktopsharing and ask user if he give to other people a full or "only view" access. With big, fat, red warning.
That is a great idea. Let the user decide via x2godesktopsharing. Milan, are you willing to work on that (with our help)?
Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpHRNougdwzm.pgp
Description: Digitale PGP-Unterschrift
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
